Microsoft has released an emergency out-of-band security update today to fix two critical security issues — a zero-day vulnerability in the Internet Explorer scripting engine that has been exploited in the wild, and a Microsoft Defender bug.
Patch NOW: #Microsoft Defender Denial of Service and Internet Explorer Scripting Engine Vulnerability – https://t.co/6rVzncFXGI
— Christoph Kolbicz (@_kolbicz) September 23, 2019
The release of this patch underlines the importance of regular patching on an environment. It also highlights the importance of regular asset identification and vulnerability scanning of environments, for example, knowing what to patch once a vulnerability has been identified. We know that attackers are flexible and dynamic and will be looking to further leverage this vulnerability to suit their needs, be it financial or otherwise. While Internet Explorer isn’t as popular as it once was, it is still a rich target for attackers, and with the release of this patch, further emphasizes why it is a business risk when compared to other browsers.
The importance of patching has never been so important and not just for those “early adopters”. Luckily there is a minimal share of the public still using IE as a browser, but it’s worth noting this could still have damaging consequences. If anyone thinks they may have been affected, I advise they update and patch their browser and then conduct a full antivirus scan of the device to make sure any possible malicious code is removed.