A memory corruption vulnerability has been disclosed in the Microsoft Internet explorer. Upon successful exploitation an attacker can achieve remote arbitrary code execution within the context of the current user. CVE-2018-8653 has been assigned to track this vulnerability. Microsoft has addressed this issue via an out of band advisory release . The issue affects IE 9,10,11 on their respective supported Windows OS. Currently this vulnerability is being exploited in the wild.
Mitigation
Please apply the latest patches provided Microsoft to address CVE-2018-8653. If immediate patching is not possible, please consider restricting access to JScript.dll by following the workarounds provided in the MS advisory.
Qualys will release QID: 100350 as soon as possible to detect CVE-2018-8653 vulnerable machines.
Please continue to follow on Qualys Threat Protection for more coverage on vulnerabilities.
References
CVE-2018-8653 | Scripting Engine Memory Corruption Vulnerability
CVE-2018-8653