Internet Explorer has a major security flaw, but Microsoft can’t patch it yet
A patch will be made available next month even though the flaw is currently being exploited in the wild
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
Following the reveal of a major security flaw inInternet Explorerthat is currently being exploited by hackers,Microsofthas confirmed its existence though the software giant has no immediate plans to release a patch to fix it.
The security flaw in the company’s legacy browser was first disclosed by a division of Homeland Security called US-CERT, that reports on major security flaws, in atweetwhich contained a link to a security advisory concerning the bug. According to theadvisory, the vulnerability has already been “detected in exploits in the wild”.
All supported versions of Windows, includingWindows 7which will no longer receive security updates, are affected by the flaw according to Microsoft.
Internet Explorer vulnerability
The vulnerability concerns how Internet Explorer handles memory and an attacker could leverage the flaw to remotely run malicious code on an affected computer. It also bears a striking resemblance to a similar vulnerability that was recently disclosed byMozilla.
The Chinese security research team Qihoo 360 was the first to find the security flaw being used by attackers in the wild. However, the research team, Microsoft and Mozilla do not yet know which attackers are exploiting the flaw, how they’re doing it or who they’re targeting.
The security flaw appears to be serious enough that even the US Cybersecurity and Infrastructure Security Agency (CISA) has issued awarningregarding it, which reads:
“The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft’s Advisory ADV20001 and CERT/CC’s Vulnerability Note VU#338824 for more information, implement workarounds, and apply updates when available. Consider using Microsoft Edge or an alternate browser until patches are made available.”
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Microsoft is currently working on a fix for the issue but a patch likely won’t arrive until the company’s next round of monthlysecurity fixeswhich is scheduled for February 11.
ViaTechCrunch
After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.
This new phishing strategy utilizes GitHub comments to distribute malware
Should your VPN always be on?
Anker Nebula Mars 3 review: A powerful and truly portable projector
