Microsoft Releases Emergency Security Update for Actively Exploited Vulnerability

Discussions of applications and operating systems and any problems, tips or suggestions. Win XP, 9x/2k, Linux, NT, photo editing, Virus/Spyware help
Post Reply
User avatar
Executioner
Life Member
Posts: 10133
Joined: Wed Nov 22, 2000 11:34 am
Location: Woodland, CA USA

Microsoft Releases Emergency Security Update for Actively Exploited Vulnerability

Post by Executioner »

Microsoft has released an emergency security update to patch an actively exploited vulnerability in Internet Explorer. CVE-2018-8653 addresses a remote code execution vulnerability caused by the way the scripting engine handles objects in Internet Explorer. The exploit corrupts memory in such as way that an attacker can execute arbitrary code in the context of the current user. The attacker will have the same rights as the current user. If the user is logged in as an administrative rights user then the attacker can change, delete, install, create new accounts or view any data that they wish. Web-based attackers can create a website designed to trigger the exploit. I ran Windows Update and it installed the update in a few seconds.

The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.

https://portal.msrc.microsoft.com/en-us ... 3#ID0EMGAC

I don't use IE, but I think that Steam does.
User avatar
FlyingPenguin
Flightless Bird
Posts: 32773
Joined: Wed Nov 22, 2000 11:13 am
Location: Central Florida
Contact:

Re: Microsoft Releases Emergency Security Update for Actively Exploited Vulnerability

Post by FlyingPenguin »

Nope. Steam uses Chromium, the open source version of Chrome.
"Turns out I’m 'woke.' All along, I thought I was just compassionate, kind, and good at history. "

Image
Post Reply