Initiatives pour
En tant qu'autorité nationale en matière de cybersécurité, le CCB a développé plusieurs initiatives destinées à des publics spécifiques, qui sont présentées ici.
New zero day found in Microsoft Internet Explorer
Image
Publié : 21/01/2020
Reference:
Advisory #2020-003
Version:
1.0
Affected software:
Microsoft Internet Explorer 9 through 11
Type:
Remote Code Execution
CVE/CVSS:
CVE-2019-0674
Sources
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200001 (1)
Risks
Successful attacks using this vulnerability could allow an attacker to execute his own shellcode remotely with Internet Explorer privileges.
Description
An attacker can make use of a zero-day vulnerability in Internet Explorer 9 through 11 to run arbitrary commands with full user rights. If the logged in user is an administrator, this could lead to a full system compromise.
There is currently no patch available for this vulnerability, and the vulnerability is actively being exploited in the wild. There are known mitigations, however.
Recommended Actions
CERT.be recommends to perform the mitigation techniques proposed by Microsoft(1), or to use a different browser until a patch is available.