Yesterday evening, Microsoft released an emergency patch for a critical Internet Explorer vulnerability. Although you may not use IE on a daily basis, here’s why it’s important to update your system and get the patch now.

What you need to know about the IE security patch

Patch Tuesday came in with quite the update yesterday, when Security Update for Internet Explorer (3088903) was announced by Microsoft, which called it “critical”.

It is, indeed, a serious security problem for users, because the security hole could lead to various malicious exploits, as noted by Microsoft:

By exploiting this vulnerability, cyber criminals could compromise your entire system and infect it with malware, while also collecting confidential data or overriding security features to gain control of your PC. This is especially dangerous for those who use an administrator account on their PC on a daily basis (which we don’t recommend).

Internet Explorer may be the browser you use to download Chrome or Firefox, but it’s still used by millions. Let’s see which IE versions are affected and how many users could be compromised (mind you, the figures are estimated according to the current number of Internet users in the world – 3,1 billion).

- Internet Explorer 7 – 0,1% of (approximately 3,1 million users)
- Internet Explorer 8 – 0,9% of (approximately 27,9 million users)
- Internet Explorer 9 – 1,2% of (approximately 37,2 million users)
- Internet Explorer 10 – 0,8% of (approximately 24,8 million users)
- Internet Explorer 11 – 4,2% of (approximately 130,2 million users)

The approximate number of people affected by this vulnerability would reach over 220 million users, according to the estimations presented above, since the vulnerability occurs in IE7 and up to IE11 on all supported versions of Windows (Vista, Win 7, Win 8, Win 10). Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, or Windows Server 2012 R users are also affected.

For more information about the vulnerability, see the Microsoft Security Bulletin MS15-093.

Internet Explorer remains the fourth most used browser in the world, with 13,4% market share in June 2015 according to W3Schools or 12,88% market share, in the same timeframe, according to StatCounter.

Update: How cyber criminals are exploiting the vulnerability

The security hole in Internet Explorer just became a Zero Day vulnerability.

The vulnerability occurs in the way that Internet Explorer handles the layout of the cache tables. Technically, the MS15-093 patch calls objects via “CTable :: GetAncestorTableOfTablePart”, which can be exploited to run code in memory via a Use-After-Free trick that evades detection.

Use-After-Free consists of “referencing memory after it has been freed, which can cause a program to crash, use unexpected values, or execute code” according to. The use of previously-freed memory can have any number of adverse consequences, ranging from the corruption of valid data to the execution of arbitrary code, depending on the instantiation and timing of the flaw.

Microsoft EMET (Enhanced Mitigation Experience Toolkit) provides protection against the exploit by patching memory, so the arbitrary code is not executed.