Here is how Microsoft describes the need for an urgent security update they have made available on December 19, 2018.

“A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website, for example, by sending an email.

The security update addresses the vulnerability by modifying how the scripting engine handles objects in memory.”

Apply this Urgent Security Update to Your Computers

BIZFORCE Technologies is always looking out for our customers when IT situations like this one arise, requiring immediate attention. For our Managed Services customers, we updated the software of computers that required it as soon as this update was released on the evening of December 19th, 2019 as long as your computers were on when the update went out. Please make sure everyone, especially those that use Microsoft Internet Explorer, leaves their computers on tonight so that all of your computers are protected by this critical update! 

If you are not signed up for our BIZFORCE Technologies Managed Services program, you will need to take immediate action to update your computers. 

Here is where you can go to download the updates directly from Microsoft and apply them yourself https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8653 Note: you will need to accept their terms in order to see and access the links to get the updates.

Don’t have time for this?

Now is a great time to sign up for our Managed Services program to protect your business. Updates like this one are pushed to your computers as they are released, relieving you of the headache of having to handle them manually or missing them and putting your business at risk. It is easy to set up and cost-effective, especially compared to the potential loss of business, confidential records and/or your reputation when a threat like this one results in a security issue for your business. Click here to get started with Managed Services.

Read more about this threat.  Microsoft releases out-of-band security update for Internet Explorer zero-day discovered by Google threat analysts.