Earlier today, Microsoft released an out-of-band patch to address a critical vulnerability that affects all versions Internet Explorer. It should be noted that Windows 10 is also affected due to its default installation of IE 11. The vulnerability (CVE-2015-2502), discovered by Clement Lecigne of Google, is a memory corruption bug allowing a remote attacker to execute arbitrary code in the context of the current user. In order to exploit this vulnerability, an attacker would host a malicious website and, using a bit of social engineering, convince the victim to browse to it. If the victim were running with administrative privileges, the entire system could be compromised. This should serve as yet another reminder to never follow untrusted URLs and enforce
least privilege access in your organization whenever possible.
As always, BeyondTrust is working hard to keep you and your network protected and has provided the following audits (available in audits release 2956) to detect this vulnerability:
48215 - Microsoft Security Update for Internet Explorer (3088903) - KB3087985
48216 - Microsoft Security Update for Internet Explorer (3088903) - KB3081444
Learn more about our
vulnerability management and
privileged account management solutions to help keep your organization safe from cybersecurity attacks.
