Microsoft Issues Emergency Fix for Internet Explorer: Scripting Engine Memory Corruption (CVE-2018-8653)

December 20, 2018

Summary

Microsoft just published an out-of-band patch for Internet Explorer. It fixes a memory corruption vulnerability in the scripting engine, identified as CVE-2018-8653.

When successfully exploited, the vulnerability could cause Internet Explorer to execute arbitrary code in the context of the current user. To be exploited, the victim only needs to visit a malicious web page delivered through a phishing email or social engineering. [1]

Impact

  • Execute arbitrary code in the context of the current user.
  • In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website, for example, by sending an email.

Vulnerable

Recommendations

The bSecure Team notes that Palo Alto has released new vulnerability signatures to detect and protect users against this threat. For all users whose workstations are on the protected side of one of these firewalls and use a vulnerability profile that blocks critical threats, the firewall will block attempts to exploit this vulnerability. In practice, this means that any place where the security profiles for the traffic are set to one of the ISP-configured default profiles, or are set to a phase2 profile, will be protected.

References

[1] https://isc.sans.edu/forums/diary/Microsoft+OOB+Patch+for+Internet+Explo...

[2] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2...