In an advisory issued Monday, Sep 23, Microsoft warned that Internet Explorer (IE) suffers from a critical vulnerability that can be used to bypass the host device’s security, giving threat-actors effective control over the system.
The company mentioned that it patched the vulnerability, but not before it was already exploited.
Critical IE Vulnerability can Corrupt Host System’s Memory
The advisory brushed upon some of the key issues plaguing IE’s built-in safety features. More specifically, the company underlined a remote code execution vulnerability that corrupts the host system’s memory. This paves the way for the attacker to execute arbitrary codes without alerting the unsuspecting users.
In the process, the attacker can gain the same user rights that the current user is privy to. For example, if the user is logged in as an administrator, the attacker will also gain administrative user rights.
In other words, with some luck, the attackers could effectively be controlling every aspect of the target computer once they successfully mess around the system’s memory. This includes installing/removing programs, wiping out data, accessing all files, and whatnot!
The advisory added:
“In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website, for example, by sending an email.”
While Microsoft didn’t delve into the technical nitty-gritty, the advisory did mention that a recent security update patched the vulnerability by improving how the scripting engine accesses and interacts with objects in memory.
Using IE in the Age of Blockchain and Deep Learning Makes Little Sense
This newly revealed vulnerability, combined with the fact that attackers had already exploited it, signifies that using Internet Explorer is definitely not a bright idea from a security point-of-view.
What’s surprising here is that it has been more than four years since Microsoft officially ditched the archaic browser, but apparently too many people are still using it to go online. This, at a time when browser-technology is becoming increasingly more sophisticated and could soon enter a whole new league security-wise with (possibly) the integration of deep learning and blockchain technology.
IBM, for example, filed an application for a blockchain-based web browser with the United States Patent and Trademark Office. The patent application, originally filed in 2018, claims that by integrating blockchain with browser technology, the new innovation will ensure that users remain in full control of their privacy rather than having to rely on a third-party for it.
Do you even remember the last time you used Internet Explorer? Was it for downloading Chrome/Firefox when you were still using an older Windows OS? Let us know in the comments below. And while you are at it, also share your thoughts on IBM’s idea of a blockchain browser.