Microsoft patches IE vulnerability that was once widely exploited by hackers

This article is reproduced from IT House. IT House News, March 12: According to a HotHardware report, Microsoft has patched an Internet Explorer vulnerability that hackers have used many times to gain control of the server.

In January of this year, Google warned security researchers that hackers were using IE vulnerabilities to launch attacks. Initially, the Google Threat Analysis Group (TAG) and other researchers discovered that hackers had used a virus on a blog site to infect every computer that visited the site. Now, Microsoft has patched this critical vulnerability in Internet Explorer and Microsoft Edge.

When TAG announced the attack using an IE vulnerability earlier this year, several security personnel stated that the hacker had pretended to be a researcher and contacted them to "collaborate" on a project. After building trust over a period of time, the hacker asked the researcher to open a web page in Internet Explorer. Malicious backdoor software would then be installed on the computer system, giving the hacker control of the server.

The vulnerability is tracked as CVE-2021-26411 and has a CVSS score of 8.8, which means it is quite dangerous. Microsoft explained in its report that exploiting the vulnerability is very simple: it requires only a website specially crafted for the vulnerability. However, it takes effect only if the user interacts with the web page, so in practice hackers may not succeed.

IT House learned that Microsoft patched the vulnerability on March 10, and stated in its security update announcement that the vulnerability affects not only IE but also Edge. The latter is a new browser that Microsoft built from the ground up and is much safer than IE, and there is no report that hackers have actively used the vulnerability to target Edge users.

The patch is part of Microsoft's Tuesday update, in which Microsoft released a total of 89 patches. In addition to the IE vulnerability, a separate privilege escalation vulnerability in the Win32k component has also been fixed. The patch will be installed automatically within the next one or two days. Users who want to update immediately can go to Start > Settings (gear icon) > Update and Security > Windows Update to install these security patches.


Origin blog.csdn.net/weixin_39787242/article/details/114695470