Microsoft has released an emergency patch for all versions of Internet Explorer, due to a critical vulnerability that's reportedly under active exploit. The CVE-2015-2502 vulnerability is described as a "Memory Corruption Vulnerability," and can allow for remote code execution under the active user's credentials, leading to potential exfiltration of user data. If the user has administrator permissions, an attacker can gain complete control over the system.
According to the company, all a user has to do is visit a specially-crafted website for the exploit to be triggered. All Internet Explorer versions from 7 to 11 are affected, and the vulnerability is rated "Critical" for all current supported operating systems (Windows Vista to Windows 10.) For server versions of Windows, Microsoft uses the "Moderate" rating, since Internet Explorer runs in Restricted mode by default on those operating systems.
All users are advised to install the update immediately, either via Windows Update or direct download from the MS15-093 Security Bulletin page.
|Amazon powers up Fire TV Stick with quad-core SoC||13|
|Adata XPG SX8000 SSD has game libraries in mind||19|
|Cat5e and Cat6 cables get a 5Gbps speed boost||52|
|BIO-key fingerprint readers let users get in touch with Microsoft Hello||9|
|Google Translate gets a boost from deep neural networks||5|
|BlackBerry will no longer make BlackBerries||19|
|Nanoxia Project S case slides into home-theater setups||21|
|Nvidia previews Xavier SoC with Volta GPU for self-driving cars||22|
|be quiet! Silent Loop AIO liquid coolers hum along quietly||4|