Microsoft announced that it’s developing a fix for a zero-day vulnerability in Internet Explorer that was exploited by a hacking group named DarkHotel. The vulnerability, tracked as CVE-2020-0674 and defined as a memory corruption issue, impacts the scripting engine in Internet Explorer version 9, 10, and 11 when running on Windows 7, 8.1, 10, Server 2008, Server 2012, Server 2016, and Server 2019.
Microsoft stated that attackers can exploit the flaw to launch remote code execution on the targeted device by tricking a user into clicking a malicious website or a link sent via email. The tech giant released a security advisory, named ADV200001, which includes mitigations to apply in order to protect vulnerable systems from threats.
In its advisory, Microsoft explained, “A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs, view, change, delete data or create new accounts with full user rights.”