Internet Explorer Zero Day Vulnerability (ID CVE-2018-8653)
Internet Explorer has 11.19% of internet browser market share, with most of it coming from business users. The vulnerability impacts:
- Internet Explorer 11 from Windows 7 to Windows 10
- Windows Server 2012, 2016, and 2019
- Internet Explorer 9 on Windows Server 2008
- Internet Explorer 10 on Windows Server 2012
Vulnerability Technical Description
There is a flaw in the browser’s scripting engine that allows for remote code execution and corrupts memory. Here’s Microsoft’s release.
In Layman’s Terms
Bad actors can draw your users running IE9, IE10 or IE11 to a malicious website. This could happen via a phishing email or by one of your employees stumbling upon a malicious website by accident. Depending on the administrative rights of the user, the attacker can then take control of the user’s system and install malware, add additional user accounts, or modify, view, change, or delete data.
Agio Clients (who we manage patching for, specifically)
This patch will be rolled out tomorrow for our clients. Note: If for any reason this is not the case for a specific client, your Account Manager will reach out directly.
- Be extra sensitive to phishing campaigns this time of year – hackers leverage the giving season to their advantage. They also know most of us are busy rushing around trying to wrap up work, attend holiday parties, and finish our holiday shopping. When we’re distracted, we click without thinking.
- Ensure your systems have the latest patches.
- If you’re using Internet Explorer, make sure you’re running the most up-to-date version, and we urge you to apply the latest Windows updates as well.