Menlo Security Cloud Security Platform receives FedRAMP® Authorization

Learn more

Most Searched

Most Searched

Back to blog

Menlo Security Prevents Zero-Day Threats on Internet Explorer (IE) 11

Menlo Security | Aug 12, 2020

illustration of a cracked internet explorer logo and a warning sign

Share this article

The still-active Zero-Day exploit threatens the frequently vulnerable JavaScript engine

Customers of Menlo Security using Internet Explorer (IE) are protected against a recent and still-active zero-day exploit using Internet Explorer, as outlined by Microsoft’s security update CVE-2020-1380.

The remote code execution creates vulnerabilities that allow an attacker to take advantage of how the Internet Explorer engine handles memory and forces corruption.

From the Microsoft Security website:

In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. (…). The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.

If the attack is successful, the bad actor could install malware, exfiltrate data, or bring down an entire network.

Safe with Internet Isolation

For the 46 percent of users on the Menlo Security Isolation Platform who are using Internet Explorer (IE) 11, you are protected from this exploit.

Browser_Profile_MSIP_Users1x

As participants in the Microsoft Active Protections Program (MAPP), we were able to access additional details about the vulnerability and confirm the JavaScript engine flaw. That information helped us to understand the details of the threat and confirm that our users are protected.

In this real-world scenario, the attacker will be unable to compromise the end-user’s device because our Isolation Core™ executes active content in our cloud and allows only safe visuals to be sent to the end-user.

Any active threat exists in the cloud, away from the device, resulting in complete safety for users with this vulnerable version of Internet Explorer.

To learn more about how Menlo Security protects you from zero-day threats, read our Internet Isolation datasheet.

Posted by Menlo Security on Aug 12, 2020

Tagged with

Share this article

Related articles

Illustration of computer window with key unlocking padlock, thief stealing credit cards, and text XeGroup

Threat Trends & Research

Not your average Joe: An analysis of the XeGroup’s attack techniques

illustration of man looking at laptop in confusion with icon of password protected file

Threat Trends & Research

Malicious password-protected files: The issue of prioritizing business decisions over security policies

illustration of criminal using computer while holding a mask and inputting a password and two-factor code

Threat Trends & Research

The art of MFA Bypass: How attackers regularly beat two-factor authentication

Illustration of computer window with key unlocking padlock, thief stealing credit cards, and text XeGroup

Threat Trends & Research

Not your average Joe: An analysis of the XeGroup’s attack techniques

illustration of man looking at laptop in confusion with icon of password protected file

Threat Trends & Research

Malicious password-protected files: The issue of prioritizing business decisions over security policies

illustration of criminal using computer while holding a mask and inputting a password and two-factor code

Threat Trends & Research

The art of MFA Bypass: How attackers regularly beat two-factor authentication

See more resources

Make the secure way to work the only way to work.

To talk to a Menlo Security expert, complete the form, or call us at (650) 695-0695.

Try Menlo Free