Microsoft has released an out-of-band patch for a zero-day vulnerability affecting the Internet Explorer web browser. CVE-2018-8653 is a memory corruption vulnerability that could allow remote attackers to execute arbitrary code on affected systems. Microsoft has reported active exploitation of this vulnerability in the wild. Organizations are encouraged to apply the patch released by Microsoft as soon as possible. 

What we’re doing about it

  • The eSentire Threat Intelligence Team is monitoring this issue for additional information
  • Current esRECON plugins detect CVE-2018-8653 in Windows products 

What you should do about it

  • Update the Internet Explorer browser to the most recent version [1]

Additional information

When successfully exploited, CVE-2018-8653 allows remote code execution in the context of the current user.

Potential attacks may include malicious webpages delivered through email, social engineering or other redirection methods, any of which results in malicious content being rendered in vulnerable versions of Internet Explorer.

Internet Explorer versions 9, 10 and 11 are affected [2].

Resources:

[1] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8653

[2] https://nvd.nist.gov/vuln/detail/CVE-2018-8653

 
