TTCSIRT-191.122718: TT-CSIRT Advisory – Microsoft Security Updates

TTCSIRT-191.122718: TT-CSIRT Advisory – Microsoft Security Updates

Microsoft has released a security update stating that a remote code execution issue exists in the scripting engine that handles objects in memory in Internet Explorer ver 9, 10 & 11.

The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website, for example, by sending a phishing email.

Further information on this vulnerability and how it can be mitigated can be found on the Microsoft Website at https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-8653#ID0EA