The team at Microsoft has released a security advisory that details a remote code execution vulnerability (RCE) in Internet Explorer. The bug exists in the way that the scripting engine in jscript.dll handles objects in memory in Internet Explorer. If executed correctly, the attacker could have access to run code with the same privileges as the current user, simply by tricking the user to visit the attacker’s malicious website using Internet Explorer. If the current user of the targeted device has administrative rights, then the attacker would be granted the same rights which could lead to a total system takeover. This could allow the attacker to install malicious programs, tamper with data, and create additional user accounts with full user rights.
By Anthony Zampino Introduction Leading up to the most recent Russian invasion of Ukraine in