After a major security flaw was found in Mozilla’s Firefox browser this week, a similar vulnerability has now been found in Microsoft’s Internet explorer. Microsoft confirmed the existence of the threat but it still has to take action on it. According to Microsoft’s advisory, “Microsoft is aware of limited targeted attacks”
Microsoft informed that all the supported versions of windows after windows 7 itself are affected by this flaw which is actively being manipulated by hackers. Still, no information has been given by the company on ways to exploit the bug, identity of hackers or the people who were targeted neither it has told when the vulnerability will be debugged. It has assigned a CVE-2020-0674(common vulnerability identifier) to the bug. Microsoft is unlikely to release a patch until next monthly security update rolls out which is scheduled on February 11.
Internet Explorer can be used by hackers to run malicious code remotely on target system which can then trick a user into opening a malicious website from a search query or a link sent through email. This active vulnerability is found in the way internet explorer handles memory
Qihoo 360, a china based security research team helped Microsoft in finding this flaw. This is the same security company credited with backing the removal of a similar flaw from Firefox.
If all this doesn’t scare Internet Explorer users enough then in a tweet, US-CERT, the division of Homeland security described the bug as “Being exploited in the wild”. U.S. government’s cybersecurity advisory unit has in a warning encouraged internet explorer users to prefer using Microsoft edge or an alternative browser until patches are made available.