Security researchers said the fix for the remote execution flaw found in Microsoft Internet Explorer should top the patching list for security pros following Patch Tuesday yesterday.
“Internet Explorer is being exploited in the wild, so this should be top of the list to patch,” said Kevin Breen, director of cyber threat research at Immersive Labs. “There’s a social engineering element at play here, as an attacker would have to trick a user into visiting a site they control using, for example, a spear phishing or malvertising campaign.”
This kind of exploit would give the attacker the same operating system permissions as the user visiting the website, Breen added. That means if someone browses the internet as a standard user, the attacker will get user-level access to that person's file system and limited access to the operating system.
Please register to continue.
Already registered? Log in.
Once you register, you'll receive:
The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.
Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.
SC Media’s essential morning briefing for cybersecurity professionals.
One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.