Internet Explorer Screenshot

Microsoft has rolled out an emergency update for Windows 10 to solve an issue with Internet Explorer, the company’s legacy web browser. This is an out of band update that has arrived after Google security analysts discovered the problem.

In a security notice, Microsoft said the IE vulnerability was discovered by Clement Lecigne from Google’s Threat Analysis Group. This zero-day problem has resulted in Microsoft rolling out patches across Windows 10 versions.

The limited number running Windows 10 October 2018 Update (version 1809), Microsoft sent out KB4483235. This brings the October 2018 Update up to build number 17763.195.

Advertisement

For users running Windows 10 April 2018 Update (version 1803), you can download KB4483234 and bring the platform to build number 17134.472.

Users on the Windows 10 Fall Creators Update (version 1709), Microsoft has bumped the OS to build number 16299.847 with KB4483232.

In response to the problem with Internet Explorer, Microsoft sent out the following security bulletin:

CVE-2018-8653 | Scripting Engine Memory Corruption Vulnerability

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website, for example, by sending an email.

The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.”

Other Windows Versions

Microsoft is also rolling out updates for older Windows 10 versions. Those running the Creators Update (version 1703) can pull in KB4483230, bumping it to build number 15063.1508. It is worth noting that Microsoft only supports version 1703 on Education and Enterprise these days, so the update is limited to those versions.

Advertisement