Microsoft Releases Out-of-band Security Update To Fix IE Zero-day & Defender Bug

By   ISBuzz Team
Writer , Information Security Buzz | Sep 24, 2019 03:31 am PST

It has been reported that Microsoft has released an emergency out-of-band security update today to fix two critical security issues — a zero-day vulnerability in the Internet Explorer scripting engine that has been exploited in the wild, and a Microsoft Defender bug.

Subscribe
Notify of
guest
1 Expert Comment
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Satnam Narang
Satnam Narang , Senior Research Engineer
September 24, 2019 11:36 am

Microsoft released an out-of-band patch for a zero-day vulnerability in Internet Explorer that has been exploited in the wild. Exploitation of this vulnerability could result in the attacker gaining arbitrary code execution under the same privileges as the current user. In the event that the current user has administrative privileges, an attacker could perform various actions on the system, from creating a new account with full privileges to installing programs or even modifying data.

To exploit the vulnerability, an attacker would have to host the exploit on a malicious website and socially engineer a user into opening that website in Internet Explorer. In the case of a targeted attack, an attacker could include a link to the malicious website in an email or in a malicious email attachment (HTML file, PDF file, Microsoft Office document) that supports embedding the scripting engine content.

Last edited 4 years ago by Satnam Narang

Recent Posts

1
0
Would love your thoughts, please comment.x
()
x