New Delhi: Microsoft has issued an emergency security update for a critical flaw in its Internet Explorer web browser.
The security loophole was being actively exploited by hackers to plant malware on targeted desktops.
Indexed as CVE 2015-2502, the bug can be exploited when vulnerable computers visit booby-trapped websites or open malicious HTML-based emails.
A report on Ars Technica notes that the bug involves the way the web browser stores in memory and results in an error that corrupts memory contents in such a way that an attacker could execute remote code in the context of the current user.
It could allow hackers to host specially crafter website to exploit the vulnerability and then convince the user to view the website, triggering further attacks and even taking complete control of the affected system.
The vulnerability is present in all supported versions of Internet Explorer and systems where the web browser is used frequently, such as workstations or terminal servers, are at the maximum risk from the vulnerability.
Through Patch Tuesdays, Microsoft regularly issues security updates to tackle bugs and other performance issues in its Windows operating system and recommends users to install them as soon as possible.
Comments
0 comment