Published on: 20 December 2018
Microsoft has released a security advisory addressing the scripting engine memory corruption vulnerability in Microsoft Internet Explorer. An authenticated attacker could exploit this vulnerability by enticing a user to visit a specially crafted website.
Reports indicate active exploitation against the vulnerability in the scripting engine of Microsoft Internet Explorer (CVE-2018-8653) has been observed. Users are advised to take immediate action to patch the affected systems since there is elevated risk of cyber attacks for the vulnerability.
A successful attack could lead to arbitrary code execution or take control of affected systems.
Patches for affected products are available from the Windows Update/Microsoft Update Catalog.
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8653
Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8653
https://www.hkcert.org/my_url/en/alert/18122001
https://www.us-cert.gov/ncas/current-activity/2018/12/19/Microsoft-Releases-Security-Updates
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8653