Use Of Internet Explorer Heavily Discouraged. Major Flaw Discovered
Internet Explorer, the former king of desktop browsers fell from grace, replaced by the new king, Google Chrome. According to Netmarketshare.com, Internet Explorer on the average for 2018 is used by only 11.11% of desktop/laptop machines globally. Way lower than the current top browser, Chrome with a commanding 63.82% of browser share.
A different data set coming from Statcounter.com, showing Internet Explorer with a more miserable usage numbers, down to just 6.75% of desktop/laptop market share for 2018:
It is fairly obvious that globally speaking, the importance of the erstwhile king of all browsers receded. Microsoft lost a lot in the browser market share, even after they have strongly promoted the use of Edge, which is the default browser in all Windows 10 installations since 2015. Those that left Internet Explorer have not migrated to Edge, but rather went to Chrome instead, as evidenced by the very low usage share of Edge from both the Netmarketshare and Statcounter statistics.
Internet Explorer 11 is still bundled with Windows 10, even after Microsoft fully supported the use of Edge browser. Microsoft’s promotion even went to a point that installation of rival browsers in Windows 10 built 1809 is softblocked by a nag screen:
Internet Explorer has recently been disclosed of harboring a critical zero-day vulnerability, also known as CVE-2018-8653. It is a nasty remote code execution bug in Internet Explorer’s aging Trident scripting engine. Since 2015, Microsoft deprecated the Trident engine for Edge in favor of a newer evolved form named Chakra. This very engine will soon be superseded by the Chromium’s Blink V8, as Microsoft announce that future versions of Edge will ditch Chakra in favor of Blink V8, which will basically end the browser wars.
“If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” explained Microsoft in the official advisory.
Microsoft is fully requesting all users to not delay the execution of Windows Update in order to automatically receive the patch. System administrators who require testing of patches before deploying in their corporate network may use the following mitigation methods in order to prevent the exploitation of the bug prior to installation of the patch:
Execute using Command Prompt:
For 64 Bit Windows:
cacls %windir%\syswow64\jscript.dll /E /P everyone:N
For 32 Bit Windows:
cacls %windir%\system32\jscript.dll /E /P everyone:N
Kevin Jones720 Posts
Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance and Offensive technologies etc. Currently, he is a freelance writer on latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others.