Microsoft released today security fixes for some of its products as part of its Patch Tuesday update cycle. One of the patches is an Internet Explorer zero-day vulnerability that was exploited in drive-by downloads from South Korean websites.
The vulnerability in question is CVE-2016-0189, a security flaw described by Microsoft as a "Scripting Engine Memory Corruption Vulnerability" that affects Internet Explorer 9, 10 and 11, and also Interne Explorer 11 running on Windows 10.
The vulnerability also affects users running Microsoft JScript 5.8 and 5.7 and Microsoft VBScript 5.8. Microsoft's MS16-051 and MS16-053 security bulletins provide more details.
Phishing emails led to websites hosting drive-by downloads
According to security firm Symantec, the company identified a malicious group sending spear-phishing emails that contained a link to a .co.kr domain.
[...]
Full Article: Microsoft Patches Internet Explorer Zero-Day Used in Attacks in South Korea
The vulnerability in question is CVE-2016-0189, a security flaw described by Microsoft as a "Scripting Engine Memory Corruption Vulnerability" that affects Internet Explorer 9, 10 and 11, and also Interne Explorer 11 running on Windows 10.
The vulnerability also affects users running Microsoft JScript 5.8 and 5.7 and Microsoft VBScript 5.8. Microsoft's MS16-051 and MS16-053 security bulletins provide more details.
Phishing emails led to websites hosting drive-by downloads
According to security firm Symantec, the company identified a malicious group sending spear-phishing emails that contained a link to a .co.kr domain.
[...]
Full Article: Microsoft Patches Internet Explorer Zero-Day Used in Attacks in South Korea
