Facilitating the Spread of Knowledge and Innovation in Professional Software Development

Write for InfoQ


Choose your language

InfoQ Homepage News Critical Flaw Allows Remote Code Execution on Internet Explorer

Critical Flaw Allows Remote Code Execution on Internet Explorer

There exists a critical flaw in Internet Explorer that is currently vulnerable to exploit.  Microsoft has released a security advisory marked “critical” which is the highest risk according to their rating system.  The flaw is triggered when a user opens a web page containing the exploit.  IE is then taken advantage of and the exploit is able to run arbitrary code at the same level of the user, which in many cases on Windows is at the Administrator level. 

Microsoft has made security update 3081444 available to patch this flaw.  The company reports that this flaw is being targeted by exploits in the wild, but provided no further details of what specific attacks are being taken.

This flaw affects all supported versions of Internet Explorer 7 and higher.  (This is not to say prior versions of IE are not supported, just that they are not patched by this advisory.)  The systems affected by this vulnerability include Internet Explorer 11 running on Windows 10 and those running Windows Server Technical Preview.

According to Microsoft, users should install security update 3078071 (released August 11, 2015) before applying this update.  A knowledge base article has been provided as a companion to Microsoft Security Bulletin MS15-93.  To update their system and correct the flaw, users can use Windows Update or the aforementioned security bulletin to download a patch for their specific system.

Rate this Article