The vulnerability occurs when Internet Explorer attempts to access a deleted or not properly allocated area of memory. The corrupt data allows the attacker to gain the same user rights as the victim, before executing arbitrary code to visit malicious websites or cause other damage.
Upon discovering the vulnerability, Microsoft has responded swiftly and stated how they plan to protect their users. The updated advisory offers some clarity on the security threat, stating that if the user is logged on with administrative rights then the exploit could take control of their entire system. The revision reiterates that the victim must voluntarily click on the malicious website, thus making this exploit less widespread.
The article features a Microsoft statement, saying:
Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs.The company also encourages users to check the Microsoft Safety & Security Center for help on further protection.
Full Article