A few days ago, Microsoft released an emergency patch for Internet Explorer to fix the 0day vulnerability in Internet Explorer. The vulnerability ID is CVE-2018-8653 and was discovered by Google Threat Analysis Group. Because the IE browser scripting engine is flawed in handling objects in memory, an attacker can exploit the vulnerability to destroy memory by exploiting the security privileges of the logged-in user, an attacker can execute special code to defeat the memory.
Not only that, but attackers can also use malicious code to create special tools and launch attacks. In this way, an attacker can attack by malicious code in the attack toolkit or penetrate a legitimate website to add malicious code.
Once the goal is achieved, the attacker can execute code on the computer, such as downloading malware, scripts, or executing any commands that the currently logged in user can access.
Since the vulnerability affects multiple Windows versions of IE browsers (from IE9 to IE11), Microsoft immediately released an emergency patch after learning about the situation. However, according to the patch update page, the patch has caused problems for many users’ devices. Specifically, some users who use Lenovo laptops found that they were unable to start Windows after installing the KB4467691 patch.
Soon after the patch was released, I believe that Microsoft also received feedback from users, and updated the patch page, indicating that some Lenovo laptops do have potential problems:
“After installing KB4467691, Windows may fail to startup on certain Lenovo laptops that have less than 8 GB of RAM.”
Microsoft also provides possible solutions for users experiencing problems:
“Restart the affected machine using the Unified Extensible Firmware Interface (UEFI). Disable Secure Boot and then restart.
If BitLocker is enabled on your machine, you may have to go through BitLocker recovery after Secure Boot has been disabled.
Microsoft is working with Lenovo and will provide an update in an upcoming release.”