A critical flaw in Internet Explorer forced Microsoft to release patches for Windows 7

Bad luck seems to have not been released yet for Microsoft and Windows 7.

Unfortunately, it seems that Microsoft and Windows 7 have not been released because recently, there has been another flaw appearing on Windows, this time in Internet Explorer 'old-fashioned' web browser. This vulnerability is rated as dangerous and is being actively exploited by malicious agents to gain unauthorized access to Windows computers.

This situation makes Microsoft forced to release a security patch for Windows 7 again, although the operating system has officially entered the phase of discontinuing support on January 14. Previously, Microsoft also had to break the rules, releasing two security patches for two vulnerabilities: The first flaw caused the user's desktop wallpaper to turn black completely, and the other flaw made it impossible for users. Shut down or restart their computer.

A critical flaw in Internet Explorer forced Microsoft to release patches for Windows 7 Picture 1A critical flaw in Internet Explorer forced Microsoft to release patches for Windows 7 Picture 1

Back to the latest issue on Internet Explorer. This is an error related to the Javascript tool and is being tracked with the identifier CVE-2020-0674, old as follows:

'A remote code execution flaw (RCE) stems from the way the script tool handles objects in the memory of Internet Explorer. The vulnerability could damage memory at the discretion of an attacker who executes code in a user's system. If the vulnerability is successfully exploited, the hacker will possess almost all the user privileges necessary to deploy malicious behaviors at will, such as installing programs; view, change or delete data; Create new accounts with full user rights .

In a web-based attack scenario, an attacker could host a website specifically designed to exploit the vulnerability through Internet Explorer and then deceive the user into accessing the site. They can also embed an ActiveX control marked as 'safe for initialization' in an application or Microsoft Office document that stores the IE rendering engine.

The new security update resolves the vulnerability through modifying the way the script tool handles objects in memory '.

Notably, the flaw could also be exploited through any application that stores HTML such as documents or PDFs on both Windows 8.1 and 10, not just Windows 7.

4 ★ | 1 Vote