TECH
During the Zero-Day initiative, which promotes investigation and disclosure of security issues in operating systems, researcher Dmitri Kaslov of the Telspace System has discovered a Windows vulnerability that allows hackers to execute code remotely.
The problem is mixed in Internet Explorer JScript error messages, but as explained by the investigator, can only be activated under specific conditions. This vulnerability is only one of the ingredients for a successful successful attack that, as has been reported, never happened. It allows executing codes in a sandbox environment, but it would be necessary to conjugate with other exploits to be able to activate them in the target of the system.
At its core, the flaw allows hackers to execute arbitrary code on certain Windows installations. To do this, users would have to run infected JScript on their system, for example, being fooled into visiting a fake page or opening a malicious file.
According to the researchers, the information about the bug was sent to Microsoft on January 23, but to date no fix has been issued for it. The Redmond giant says it has struggled to reproduce the error, but a correction will be released soon.
In the common vulnerability scoring system (CVSS), this bug took a score of 6.8 which is considered an average hazard.
Sapo
No comments:
Post a Comment