Microsoft Releases Out-of-band Security Update To Fix IE Zero-day & Defender Bug

It has been reported that Microsoft has released an emergency out-of-band security update today to fix two critical security issues — a zero-day vulnerability in the Internet Explorer scripting engine that has been exploited in the wild, and a Microsoft Defender bug.

Subscribe
Notify of
guest

1 Expert Comment
Most Voted
Newest Oldest
Inline Feedbacks
View all comments
Satnam Narang
Satnam Narang , Senior Research Engineer
InfoSec Expert
September 24, 2019 11:36 am

Microsoft released an out-of-band patch for a zero-day vulnerability in Internet Explorer that has been exploited in the wild. Exploitation of this vulnerability could result in the attacker gaining arbitrary code execution under the same privileges as the current user. In the event that the current user has administrative privileges, an attacker could perform various actions on the system, from creating a new account with full privileges to installing programs or even modifying data.

To exploit the vulnerability, an attacker would have to host the exploit on a malicious website and socially engineer a user into opening that website in Internet Explorer. In the case of a targeted attack, an attacker could include a link to the malicious website in an email or in a malicious email attachment (HTML file, PDF file, Microsoft Office document) that supports embedding the scripting engine content.

Last edited 3 years ago by Satnam Narang
Information Security Buzz
1
0
Would love your thoughts, please comment.x
()
x