Microsoft and Google warn that a new bug discovered in Internet Explorer for Windows 7, Windows 8, and Windows 10 can totally take over your PC.
If you haven’t moved beyond Internet Explorer, here’s another reason to do so: Google and Microsoft have discovered a new IE vulnerability that can take over your entire PC.
Microsoft published CVE-2019-1367 on Monday, a scripting engine memory corruption vulnerability that exists within basically every version of Internet Explorer for Windows 7, Windows 8.1, and Windows 10. (Discovery of the bug was credited to Clément Lecigne of Google’s Threat Analysis Group, and reported earlier by The Register.) The vulnerability “corrupt[s] memory in such a way that an attacker could execute arbitrary code in the context of the current user,” according to Microsoft.
The alert goes on explain what this means for users. “An attacker who successfully exploited the vulnerability could gain the same user rights as the current user,” Microsoft says. “If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
In other words, if an attacker is able to convince you to click on an affected webpage, that attacker can do whatever they want to your PC and your stored data.