Microsoft patches actively exploited Internet Explorer flaw

The latest Patch Tuesday sees the Windows developer patch a fifth actively exploited bug disclosed within a week

The Internet Explorer icon as seen on a smartphone in behind a screen with lines of code

Microsoft has fixed dozens of security flaws across its suite of products, including a critical Internet Explorer bug that’s been previously exploited by state-backed North Korean hackers to attack security researchers.

The flaw, tracked as CVE-2021-26411, is a memory corruption vulnerability that’s allowed hackers to run malware on victims’ machines by luring them into accessing a malicious website.

This is the fifth actively exploited Microsoft vulnerability to be patched in recent weeks, after four Microsoft Exchange Server flaws were disclosed last week. 

These five fixes were included in the latest Patch Tuesday wave of updates among 89 patches across Microsoft products, including fixes for 14 critically-rated vulnerabilities.

The latest actively-exploited remote code exploitation flaw affects Internet Explorer versions 9 and 11, as well as the HTML-based Microsoft Edge, which itself reached end-of-life today. Internet Explorer will stop being supported with updates from 17 August this year.

The Internet Explorer vulnerability was previously reported as a zero-day by the South Korean security firm Enki in February, which itself was targeted by hackers exploiting the bug.  

To trigger the exploit, an attacker would first have to craft a website, or take advantage of a compromised website and convince a user to view it. This would usually be done by undergoing a phishing exercise, either by sending an email or text message or prompting users to download a malicious email attachment.

Related Resource

Cost of a data breach report 2020

Find out what factors help mitigate breach costs

cost of a data breach report 2020 - whitepaper from IBMDownload now

The discovery of a sixth actively-exploited flaw in recent weeks is sure to raise alarms considering the potentially devastating effects that the recent Microsoft Exchange Server exploitation has rendered.

The White House weighed in over the weekend, advising businesses to patch their systems immediately due to the risk of intrusion, with security researchers warning there could be hundreds of thousands of prospective victims across the world. One organisation that’s among the first confirmed victims of the attacks is the European Banking Authority

Featured Resources

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Security best practices for PostgreSQL

Securing data with PostgreSQL

Download now

Transform your MSP business into a money-making machine

Benefits and challenges of a recurring revenue model

Download now

The care and feeding of cloud

How to support cloud infrastructure post-migration

Watch now

Recommended

Hackers leak data from dark web marketplace
cyber security

Hackers leak data from dark web marketplace

9 Apr 2021
Hackers are using fake messages to break into WhatsApp accounts
instant messaging (IM)

Hackers are using fake messages to break into WhatsApp accounts

8 Apr 2021
Hackers sell $38 million in gift cards on Russian marketplace
hacking

Hackers sell $38 million in gift cards on Russian marketplace

7 Apr 2021
Personal data of 533 million Facebook users found on hacking forum
data protection

Personal data of 533 million Facebook users found on hacking forum

5 Apr 2021

Most Popular

Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
Hackers are using fake messages to break into WhatsApp accounts
instant messaging (IM)

Hackers are using fake messages to break into WhatsApp accounts

8 Apr 2021
Alienware’s new gaming laptop is a kick in the teeth for Intel’s new CEO
Hardware

Alienware’s new gaming laptop is a kick in the teeth for Intel’s new CEO

8 Apr 2021