Microsoft has released an update for a zero day vulnerability in Internet Explorer that can grant an attacker full access to a victim computer simply by having the target visit a malicious website. The bug ( CVE-2018-8653) was reported by Google.
Cyber Tech Cafe MyIT customers are already patched against the vulnerability. Additionally, signatures for the attack have already been released by ESET and Fortinet as an added layer of protection.
Additional Resources
- Microsoft TechNet – https://blogs.technet.microsoft.com/msrc/2018/12/19/december-2018-security-update-release-2/
- ESET – https://www.welivesecurity.com/2018/12/20/microsoft-emergency-patch-internet-explorer-zero-day/
- ThreatPost – https://threatpost.com/microsoft-ie-zero-day-gets-emergency-patch/140185/ https://threatpost.com/microsoft-ie-zero-day-gets-emergency-patch/140185/
- Brian Krebs – https://krebsonsecurity.com/2018/12/microsoft-issues-emergency-fix-for-ie-zero-day/