[NJTechDiv] IE emergency patch

Mario Brusco mrb620 at hotmail.com
Wed Sep 25 00:40:16 UTC 2019 

	Microsoft warning: Install this emergency patch now.
https://www.komando.com/happening-now/598781/microsoft-warning-install-this-emergency-patch-now

By Janet Perez, Komando.com.

In a rare move by the tech giant, Microsoft is telling users to download 
an emergency out-of-band security patch immediately. The  patch is meant 
to close up a security flaw that can be exploited by hackers.

It's found in some versions of Internet Explorer. Specifically, the flaw 
could corrupt memory and allow a hacker to remotely run  malicious code 
on an affected device and take it over.

A user could be infected by visiting a malicious web page or clicking on 
an email designed to exploit the vulnerability through  Internet 
Explorer. That opens the door for attackers to execute malware to get 
into a computer. The flaw could also infect entire  servers.

If a user has administrative rights, a hacker who has successfully 
exploited the vulnerability could take control of an affected  system 
and install programs, view, change or delete data. They could even 
create new accounts with full user rights.

Microsoft rarely issues emergency patches outside of Patch Tuesday, 
which is the second Tuesday of each month. If you're  wondering how 
serious this vulnerability is, Homeland Security has also issued an 
advisory telling users to download the patch  immediately.

The vulnerability was discovered by Google’s Threat Analysis Group.

Who's at risk?

Luckily, attacks can be contained because the number of vulnerable users 
is not large. The security flaw affects more than 7% of  all browser 
users running affected versions of Internet Explorer 9, 10 and 11.
https://www.komando.com/happening-now/561728/microsoft-hack-gave-cybercriminals-full-access-to-your-email-content

However, because it affects a series of Internet Explorer versions, a 
number of operating systems can be at risk as well. All  supported 
versions of Windows are affected. This includes Windows 7, Windows 8.1 
and Windows 10. The flaw also affects  several Windows Server versions.

The patch has to be manually downloaded and executed. You can find the 
patch here.
https://www.catalog.update.microsoft.com/Search.aspx?q=KB4522007

 From the list, choose the update that corresponds with the versions of 
Internet Explorer and Windows that you are running.

There are reports that the flaw has already been exploited "in the 
wild," but Microsoft is not providing any details. Meanwhile,  Microsoft 
also issued an advisory that it had already fixed a flaw in another program.

More information about the NJTechDiv mailing list