Microsoft’s February 2020 Patch Tuesday has addressed 99 vulnerabilities in its products – including 12 critical security flaws.
One of these flaws is a scripting engine memory corruption vulnerability found in Internet Explorer.
According to Microsoft, this flaw is being exploited in the wild and can result in a malicious party attaining complete control of a host device.
“In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website,” said Microsoft.
To fix this, Microsoft will be implementing an update which addresses how its scripting engine handles objects in memory.
According to Microsoft, this flaw exists on Internet Explorer 9, 10, and 11, and exists on Windows 7, 8.1, and 10.
Other Microsoft products that are receiving security updates include Microsoft Exchange Server, Microsoft SQL Service, Microsoft Windows, Microsoft Office, Microsoft Surface Hub, and both versions of Microsoft Edge (Chromium and non-Chromium).
“In addition to security changes for the vulnerabilities, updates include defence-in-depth updates to help improve security-related features,” said Microsoft.
Microsoft also cautioned that users who are running Windows 7, Windows Server 2008, or Windows Server 2008 R2 need to purchase the Extender Security Update solution if they wish to continue receiving security updates.