Microsoft recently identified a new critical security vulnerability in its Internet Explorer (IE) web browser. Microsoft has confirmed that the vulnerability is being targeted and exploited in the wild, so it is critical that IE users are aware of the issue and how to mitigate it.
This vulnerability (CVE-2020-0674) can be exploited by an attacker hosting a crafted website, and grants access to the system with the same privileges as the current user. The nature and location of the vulnerability mean that an attacker only has to trick a user into loading an infected webpage to initiate an attack, requiring just a single action by the user.
A security patch for this vulnerability was released on February 11th as part of Microsoft’s latest Patch Tuesday rollout. Due to the critical nature of this attack, Internet Explorer users should download and apply the patch as soon as possible. The patch can be found here, along with information about undoing a temporary work-around that some users may have applied. For users who applied the work-around, it is critical that it be undone before installing the official security patch.
The best way to guard against this vulnerability is simply to avoid using Internet Explorer, at the very least until the official patch is installed. In fact, all users should be moving away from IE in general, and from unsupported versions 9 and 10 in particular, as IE is reaching the end of its supported lifespan. IE’s successor, Microsoft Edge, or another modern browser like Firefox or Chrome, will continue to receive updates and security patches even after IE is no longer supported.
For assistance with moving to a newer web browser, installing the new security patch, or for additional information on this vulnerability, please open a ticket with our support team or reach out to your ADNET Engagement Manager. If you have ADNET’s Foundations Desktop service, your patching is taken care of automatically by our team.
As always, we’re here to help address your questions and concerns.