Microsoft warns that the flaw is already being exploited in "limited, targeted attacks".
The upcoming Patch Tuesday updates will be published on February 11. An attacker could use the flaw to remotely run malicious code on an affected computer, for example by tricking a user into opening a malicious website from a search query or a link sent by email, TechCrunch reported recently. "If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system".
Successful exploitation of the remote code execution flaw would allow miscreants to gain the same privileges as the current user. This means that if you want to install an app that isn't available in the Microsoft Store, you need to permanently switch out of S mode. "This vulnerability only affects certain websites that utilize jscript as the scripting engine". Other users can also purchase a package of updates, but they would still be at a greater risk of hacking and malware.
In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website, for example, by sending an email.
"Consider using Microsoft Edge or an alternate browser until patches are made available".
Microsoft didn't immediately respond to a request for comment about whether it is prepping CVE-2020-0674 patches for any no-longer-supported operating systems.
Credit for finding the flaw, Microsoft says, goes to Clément Lecigne of Google's Threat Analysis Group as well as Ella Yu from Qihoo 360. "Devices that run unsupported software are not protected", Microsoft added.
Microsoft has confirmed that a security flaw affecting Internet Explorer is now being used by hackers and that it is working on a fix, to be released at a later date. This Internet Explorer vulnerability is similar to the one found in Mozilla Firefox.