Advisory:
IE/Microsoft Edge (Legacy) Memory Corruption Vulnerability

by Keeshia Leopoldo, InfoSec Team Lead

Cornerstone.IT Gold Microsoft Partner
Connect with us at
www.Cornerstone.IT/contact for the latest updates.

Ask us how we can help secure your environment with the top 10-12 security enhancements every firm should have.  #ITCornerView

Issue/Vulnerability

Internet Explorer/Microsoft Edge (Legacy) Memory Corruption Vulnerability [CVE-2021-26411, CVE-2021-27085]

Scope

In February, South Korean cybersecurity firm Enki disclosed that threat actors used an Internet Explorer zero-day vulnerability in attacks to install custom backdoors. This vulnerability allows attackers to run a file of their choice by getting you to view a hacked or malicious website in IE. Once the machine is exploited the attacker can take control of the affected system and steal confidential data.

CVE-2021-26411

CVE-2021-27085


Who is affected?

Users who have Internet Explorer 11 or legacy Microsoft Edge installed on their machines.

Remediation/Action Plan

Apply patches released by Microsoft via the Windows Updates. Go to Start > Settings > Updates & Security > Check for Updates.

Additional Information

Microsoft released a path that mitigates this vulnerability. While Microsoft lists this as both publicly known and underactive at the time of release, it is not as impactful as the Exchange bugs. We highly recommend applying these patches immediately for enterprises that uses old IE versions and HTM-based Microsoft Edge.


Avoid business continuity disruption by including Windows 10 upgrade in your 2021 budget.  Cornerstone.IT is a Microsoft Gold partner with a history of successful Windows upgrades.

#ITCornerView

Cornerstone.IT graphic
Share Button