Microsoft patched another zero-day – this time in Internet Explorer
During the April’s patch Tuesday Microsoft patched two zero-day vulnerabilities: previously disclosed vulnerability in Microsoft Word (CVE-2017-0199, SB2017040901) and another zero-day in Internet Explorer.
According to vendor’s description, the vulnerability in Internet Explorer CVE-2017-0210 (SB2017041202) allows an attacker to access contents from another domain. This is a very dangerous vulnerability as it may allow an attacker to steal potentially sensitive information and probably even interact with another website.
This month Microsoft patched 51 vulnerabilities in total, 7 vulnerabilities in Adobe Flash Player and 44 Microsoft products.
The total number of all patched vulnerabilities in Microsoft products is displayed on the graph above. In 2017 there were 220 vulnerabilities vs 690 vulnerabilities patched in 2016.
As for the zero-days stats, this Tuesday Microsoft patched second zero-day in IE in 2017. The total number of zero-day vulnerabilities in different versions of Internet Explorer has reached 38 vulnerabilities since 2006.
Latest Posts
Ukrainian military personnel targeted via messaging apps and dating sites
The threat actor employs a range of software in their malicious activities, including both commercial programs and open-source tools.
Russian military hackers targeted US water utilities and hydroelectric facilities in Europe
This marks the first time Russian nation-state hackers have posed a direct threat to critical infrastructure in Western countries.
International police operation takes down massive PhaaS platform LabHost
The investigation found over 40 000 phishing domains linked to LabHost, which had some 10 000 users worldwide.