Microsoft has released an out-of-band security update today, December 19, for an Internet Explorer vulnerability that is currently being abused in the wild.
The OS maker credited Clement Lecigne of Google’s Threat Analysis Group with discovering and reporting the IE zero-day. According to a security advisory released at the same time with the update package, the IE zero-day can allow an attacker to execute malicious code on a user’s computer.
Tracked as CVE-2018-8653, this zero-day can be exploited in web-based scenarios, where an attacker lures a user on a malicious site that runs malicious code on his computer.
By Catalin Cimpanu
to read the full article click here.