Microsoft issues ‘critical’ warning for Internet Explorer zero-day
Microsoft issued a patch Tuesday to close a zero-day exploit in all supported versions of Internet Explorer.
The patch, given a “critical” rating by the company, calls for updates to every supported Windows system, including Windows 10.
The exploit works by letting attackers exploit a memory flaw in IE, allowing for remote code execution that allows attackers to gain the same user rights as the current user. In other words, the higher up the admin chain a user sits, the more potential for damage inside a network.
The vulnerability, known as CVE 2015-2502, does not affect Microsoft Edge, the new browser packaged with Windows 10.
The flaw can be fixed via Windows update or by downloading a patch from the company. For more information, visit the security bulletin Microsoft released Tuesday.