Oh, boy! Researchers found another unpatched Windows bug

Costea Lestoc By: Costea Lestoc
2 minute read
unpatched windows vulnerabilities

Home » News » Oh, boy! Researchers found another unpatched Windows bug

Security experts discovered a Windows vulnerability rated as a medium-severity. This allows remote attackers to execute arbitrary code and it exists within the handling of error objects in JScript. Microsoft didn’t roll out a patch for the bug yet. Trend Micro’s Zero Day Initiative Group revealed that the flaw was discovered by Dmitri Kaslov of Telespace Systems.

The vulnerability is not exploited in the wild

There’s no indication of the vulnerability being exploited in the wild, according to Brian Gorenc, ZDI’s director. He explained that the bug would only be part of a successful attack. He continued and said that the vulnerability allows code execution in a sandboxed environment and attackers would need more exploits to escape the sandbox and execute their code on a target system.

The flaw allows remote attackers to execute arbitrary code on Windows installations but user interaction is required, and this makes things less horrible. The victim would have to visit a malicious page or open a malicious file which would allow the execution of the malicious JScript on the system.

The glitch is in Microsoft’s ECMAScript standard

This is the JScript component that’s used in Internet Explorer. This causes problems because by performing actions in the script, attackers could trigger a pointer to be reused after it has been freed. The bug was first sent to Redmond back in January this year. Now. It’s being revealed to the public without a patch. The flaw is labeled with a CVSS score of 6.8, says ZDI and this means it flaunts a moderate severity.

According to Gorenc, a patch will be on its way as soon as possible, but no exact date has been revealed. So, we don’t know if it will get included in the next Patch Tuesday. The only available advice is for users to restrict their interactions with the application to trusted files.

RELATED STORIES TO CHECK OUT:

Discussions

Next up

Download Windows 10 KB4491101 to fix OS stability issues

Rabia Noureen avatar. By: Rabia Noureen
2 minute read

Microsoft just released cumulative update KB4491101 for those who are running Windows 10 V1507 (RTM version). The update is just restricted to the users of Windows 10 […]

Continue Reading

This version of Office has been deprovisioned [FIXED]

Rabia Noureen avatar. By: Rabia Noureen
4 minute read

It is certainly annoying to face issues in your system when you have to finish off the most important task that has been assigned by […]

Continue Reading

Windows 10 v1809 KB4482887 lands next Tuesday

Irfa Batool avatar. By: Irfa Batool
2 minute read

Microsoft is planning to rollout Cumulative Update KB4482887 for Windows 10 version 1809 next week. For the time being, the update is available only for Preview […]

Continue Reading