NEW Phishing Attack hits Indeed.com
Most Searched
Traditional security approaches are flawed, costly, and overwhelming for security teams. Menlo Security is different. It’s the simplest, most definitive way to secure work—making online threats irrelevant to your users and your business.
Video
Our platform invisibly protects users wherever they go online. So threats are history and the alert storm is over.
eBook
Traditional network security wasn’t built to address today’s complex enterprise environments. SASE fixes that problem.
Menlo Labs provides insights, expertise, context and tools to aid customers on their journey to connect, communicate and collaborate securely without compromise. The collective is made up of elite security researchers that put a spotlight on the threats you know and don’t know about.
Buyer's Guide
Menlo Labs provides insights, expertise, context and tools to aid customers on their journey to connect, communicate and collaborate securely without compromise.
Menlo Security | Aug 12, 2020
Share this article
Customers of Menlo Security using Internet Explorer (IE) are protected against a recent and still-active zero-day exploit using Internet Explorer, as outlined by Microsoft’s security update CVE-2020-1380.
The remote code execution creates vulnerabilities that allow an attacker to take advantage of how the Internet Explorer engine handles memory and forces corruption.
From the Microsoft Security website:
In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. (…). The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.
If the attack is successful, the bad actor could install malware, exfiltrate data, or bring down an entire network.
For the 46 percent of users on the Menlo Security Isolation Platform who are using Internet Explorer (IE) 11, you are protected from this exploit.
As participants in the Microsoft Active Protections Program (MAPP), we were able to access additional details about the vulnerability and confirm the JavaScript engine flaw. That information helped us to understand the details of the threat and confirm that our users are protected.
In this real-world scenario, the attacker will be unable to compromise the end-user’s device because our Isolation Core™ executes active content in our cloud and allows only safe visuals to be sent to the end-user.
Any active threat exists in the cloud, away from the device, resulting in complete safety for users with this vulnerable version of Internet Explorer.
To learn more about how Menlo Security protects you from zero-day threats, read our Internet Isolation datasheet.
Posted by Menlo Security on Aug 12, 2020
Tagged with
Threat Trends & Research
To talk to a Menlo Security expert, please complete the form.