Microsoft patches critical vulnerability in Internet Explorer
Following Microsoft’s May patch announcement, David Picotte, Rapid7 Engineering Manager, has commented on 7 critical security bulletins laid out by Microsoft. He stated:
“Today’s update from Microsoft includes 16 security bulletins, 7 of which Microsoft has identified as of “Critical” importance. CVE-2016-0189 is a vulnerability predominantly exposed via Internet Explorer (IE) that allows maliciously crafted sites to exploit a remote code execution (RCE) vulnerability. This CVE in particular stands out as Microsoft has already detected its active exploitation in the wild. If administrators can’t patch their systems quickly, Microsoft has provided a workaround in MS16-051 that’ll simply disable the VBScript.dll and JScript.dll functionality, a crude, but effective, means of reducing your risk.
All the other bulletins continue the trend of privilege elevation and remote code execution vulnerabilities being discovered and patched by Microsoft. We’ve come to expect and continue to see both privilege elevation and remote code execution vulnerabilities month after month. As always, administrators should apply patches as efficiently as possible, but nothing stands out as requiring more urgency than typical.”