Microsoft patches actively exploited zero-day in IE as wel as 73 security issues
If you received a Windows update yesterday, it was related to this news-item. Microsoft patched an actively attacked vulnerability in Internet Explorer and 73 other vulnerabilities during yesterday’s Patch Tuesday of February.
The zero-day vulnerability in Internet Explorer was discovered by Google and allowed attackers to test for the presence of specific files on disk reports myce:
To become a victim of the attack, a user only had to visit a malicious website. While Microsoft reports the issue is actively attacked, it’s unknown where the attack took place, how it was discovered and what kind of files attackers were looking for. These kinds of “information disclosure” vulnerabilities have been abused in the past to collect all kinds of data on attacked systems. It e.g. allows attacker to check for specific security software or to check whether the system is part of a virtual machine or automated system used by security researchers.
Microsoft also patched four vulnerabilities this month of which details were already disclosed before the company released patches for them. According to Microsoft, none of the vulnerabilities have been targeted in an attack.
From those four, the first is an information disclosure attack in Windows which allows an attacker to read the contents of files on a computer. The second vulnerability was in Exchange Server and allowed an attacker to gain the same privileges as other users. This way the attacker could access the mailbox of other users and read their emails.
The other two vulnerabilities were in Microsoft’s Team Foundation server and allowed an attacker to read content for which he was not authorized, to execute malicious code and to perform all kinds of actions in name of other users, such as changing and deleting content.
Microsoft further patched vulnerabilities in Internet Explorer, Edge, Windows, Office ChakraCore .NET Framework, Exchange Server, Visual Studio, Azure IoT SDK, Microsoft Dynamics, Team Foundation Server and Visual Studio Code. On most computers the patches are automatically downloaded and installed.
Microsoft fixes connection problems with Windows Update - 02/07/2019 08:47 AM
Microsoft has been having DNS issues, with the result that Windows users did not get their updates. Microsoft has confirmed that the problems are solved and updates can be installed again. ...
Microsoft confirms problem with Windows 10 update halting systems from starting - 02/04/2019 09:10 AM
Microsoft has confirmed an issue with the latest update for Windows Defender for both Windows 10 and Windows Server 2016. The update was released earlier this week and due to the issue, some Windows 1...
Promo: Microsoft Windows 10 Pro and Office 2016 Pro for 34 USD - 02/01/2019 09:14 AM
URCDKey is a license site available for various platforms, whether for software or games. URCDKeys brings as a novelty the offer at a competitive price known Microsoft widow 10 Pro OEM or Microsoft O...
Microsoft will add ‘login with SMS code’ options on all Windows 10 versions - 01/07/2019 09:14 AM
Microsoft announced all Windows 10 versions will get the option to set up and sign in to the operating systems through SMS / text messages. By using this option, you can login without using a password...
Microsoft to launch 4K webcams in 2019 - 12/24/2018 09:54 AM
Hmm think Windows Hello here? A biometric authentication system can use your face, iris, and fingerprint, among other things, to log in on your Windows 10. Now it seems that Microsoft has a number o...
Senior Member
Posts: 204
Joined: 2016-12-28
HH:
"Aoccdrnig to rscheearch at Cmabrigde Uinervtisy, it deosn't mttaer in waht oredr the ltteers in a wrod are, the olny iprmoetnt tihng is taht the frist and lsat ltteer be at the rghit pclae. The rset can be a toatl mses and you can sitll raed it wouthit a porbelm. Tihs is bcuseae the huamn mnid deos not raed ervey lteter by istlef, but the wrod as a wlohe."
I know, I know, that happens when you rush to publish the news on the best site of the industry

Senior Member
Posts: 10452
Joined: 2013-01-17
You want the team of IE to resolve issues in DX?
Senior Member
Posts: 5640
Joined: 2012-11-10
This is one of the few cases where I'll give MS a pass for sloppy testing. Nobody should be using IE in the first place if security exploits are a concern to them.
Senior Member
Posts: 12057
Joined: 2014-07-21
Liked for style points.
Liked for the second thought scare.
Posts: 6074
Joined: 2011-01-02
M$: If you have game problem I feel bad for you son, I got 73 security issues but DX ain't one.