Microsoft has released an emergency out-of-band security update to address two critical vulnerabilities that affect Internet Explorer and Windows Defender.
The flaws, tracked as CVE-2019-1367 and CVE-2019-1255, made it possible for a remote attacker to take control of a target system and trigger a denial of service in Microsoft Defender, the antivirus application that ships with Windows.
Of the two, the first is the most severe: a zero-day vulnerability in Internet Explorer that affects versions 9, 10 and 11. The remote code execution flaw, if exploited successfully, could allow an attacker to execute arbitrary code with the same user rights as the current user.
This can have serious consequences if the current user also has administrative rights, which the attacker could then use to obtain elevated privileges and "install programs; view, change or delete data; or create new accounts."
"In a web-based attack scenario, an attacker could host a specially designed website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to see the website, for example, by sending an email," Microsoft warned in its advisory.
The out-of-band security vulnerability fixes CVE-2019-1367 and CVE-2019-1255 were released today. For more information, see https://t.co/QMUM53m8so and https://t.co/vy3d0wXWng.
– Security response (@msftsecresponse) September 23, 2019
Microsoft said the vulnerability is being actively exploited in the wild, but did not provide more details.
The flaw was originally revealed by the Google Project Zero Threat Analysis Group, the same white-hat hacker team that recently stood out for discovering a series of iOS exploits that were used to attack ethnic Muslim minorities in China.
The updates come two weeks after the company resolved another 79 security vulnerabilities in its monthly patch release on September 10, with 17 of them classified as critical.
The fact that Microsoft decided to break its monthly update pattern and issue out-of-band fixes underscores the seriousness of the problems. If you are a Windows user, you should waste no time in installing the security updates.