Latest in Gear

Image credit:

Microsoft will fix an Internet Explorer security flaw under active attack

Homeland Security has even warned about the vulnerability.
Jon Fingas, @jonfingas
January 18, 2020
Share
Tweet
Share

Sponsored Links

ASSOCIATED PRESS

Mozilla isn't the only one grappling with a serious web browser security flaw. Microsoft has confirmed to TechCrunch that it will fix an Internet Explorer security exploit already being used for "limited targeted attacks." The vulnerability lets attackers corrupt memory used for the scripting engine in IE9, IE10 and IE11 in a way that would let the intruder run arbitrary code with the same permissions as the user, letting them hijack a PC. It's believed to be similar to the Firefox issue disclosed a week earlier.

The issue is significant enough that Homeland Security issued an advisory encouraging people to both be aware of the flaw and consider implementing workarounds, including temporarily restricting access to jscript.dll.

Unlike the Firefox bug, though, you'll have to wait a while for a patch. Microsoft said it wasn't likely to provide its fix until its next monthly security release, slated for February 11th. Until then, you'll either have to consider workarounds or be cautious about clicking links to visit unfamiliar sites.

The risks might not be extremely high given the modern browser market. Microsoft has largely showed Internet Explorer to the side in favor of Edge, which just got a major Chromium-based revamp on January 15th, and you're statistically more likely to use a third-party browser like Chrome. Nonetheless, it's a headache -- Microsoft's past is coming back to haunt its present.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
Tweet
Share

Popular on Engadget

MIT tests autonomous 'Roboat' that can carry two passengers

MIT tests autonomous 'Roboat' that can carry two passengers

View
NASA will try to stow away its leaking asteroid sample tomorrow

NASA will try to stow away its leaking asteroid sample tomorrow

View
Microsoft's 'Mandalorian' Xbox controller will set you back $160

Microsoft's 'Mandalorian' Xbox controller will set you back $160

View
Samsung, Stanford make a 10,000PPI display that could lead to 'flawless' VR

Samsung, Stanford make a 10,000PPI display that could lead to 'flawless' VR

View
Xbox Series X and Series S walkthrough is a day-one primer

Xbox Series X and Series S walkthrough is a day-one primer

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr