Microsoft’s latest Patch Tuesday updates have addressed 54 flaws. Out of these 54 issues, 15 security vulnerabilities concern Microsoft’s browsers. This only shows just how vital it is for Microsoft Edge and Internet Explorer users to install the security updates as soon as possible.
IE could load restricted data
CVE-2018-0949 is an Internet Explorer security feature bypass flaw that is able to affect the browser on all Windows versions. Here’s what Microsoft said about this issue:
A security feature bypass vulnerability exists when Microsoft Internet Explorer improperly handles requests involving UNC resources. An attacker who successfully exploited the vulnerability could force the browser to load data that would otherwise be restricted.
To exploit the vulnerability, cybercriminals would need vulnerable systems in order to load a crafted website on an unpatched system that runs Internet Explorer. The tech giant also said that exploitation is more likely even if the company did not find any attacks in the wild just yet.
Microsoft fixes a few Edge security issues
Microsoft notes that attackers couldn’t possibly force users to view the attacker-controlled content. Instead, attackers would have to convince users to take action. For instance, they could trick users into clicking links that take them to the hacker’s website. Of course, in such case, exploitation is more than likely. It’s also important to note that the flaw doesn’t exist in older versions of Windows 10. This flaw has not been publicly disclosed yet.
You will be able to find these new fixes available via Windows Update, and you will need to reboot your computer in order to complete the installation process.
RELATED STORIES TO CHECK OUT:
- Windows 10 April 2018 Update lets you install Fonts from the Store
- Windows 10 April 2018 Update bug kills SMBv1 protocol
- Microsoft Edge blocks video autoplay in Windows 10 Redstone 5