Microsoft Launches Windows Sandbox where you can run Suspicious Applications

Yolanda Curtis
December 21, 2018

Microsoft has released an emergency patch to fix a critical vulnerability discovered in Internet Explorer.

"In a web-based attack scenario, an attacker could host a specially crafted website that is created to exploit the vulnerability through Internet Explorer and then convince a user to view the website, for example, by sending an email", Microsoft wrote.

Microsoft patched five escalation privilege flaws over the past four months-all of which were actively being exploited in the wild.

How the new Office app looks like
How the new Office app looks like

The full blog post goes into further detail with a full "under the hood" look at Windows Sandbox, which among other things offers graphics hardware acceleration "with Windows dynamically allocating graphics resources where they are needed across the host and guest".

The issue is also significant because it comes as companies prepare for the weekend before Christmas, one of the busiest shopping days of the year, said Jason Escaravage, head of the commercial cybersecurity practice at consulting firm Booz Allen Hamilton.

According to the advisory that detailed the vulnerability, the flaw in JScript component would allow the hacker to execute malicious code directly into the victim's system.

The only reason Microsoft still serviced IE was so business users of Windows 7, 8.1 and 10 could continue to run custom web apps and aged intranet sites.

ZDNet's Mary J Foley notes that Windows Sandbox is available to users of Windows 10 Pro or Enterprise running Insider Build 18301 or later - a version not available at the time of writing but expected later in the week.

Today, we released a security update for Internet Explorer after receiving a report from Google about a new vulnerability being used in targeted attacks. IE9 (Windows Server 2008) and IE10 (Windows Server 2012) are also impacted.

The most popular way to put up some suspicious code running on a device is by tricking in the user to install a suspicious program on the targetted device. You can manually check for updates here. The Office app also provides shortcuts to our most recently used documents, pinned documents, and documents shared with you.

Other reports by iNewsToday