Security News > 2019 > September > Microsoft drops emergency Internet Explorer fix for actively exploited zero-day
2019-09-24 08:14
Microsoft has unexpectedly released out-of-band security updates to fix vulnerabilities in Internet Explorer and Microsoft Defender. The IE zero-day bug is deemed “critical”, as it’s being actively exploited to achieve partial or complete control of a vulnerable systems. The Internet Explorer vulnerability (CVE-2019-1367) CVE-2019-1367 is a memory corruption vulnerability in the scripting engine that could be exploited to achieve remote code execution. An attacker who successfully exploited the vulnerability could gain the same user rights … More → The post Microsoft drops emergency Internet Explorer fix for actively exploited zero-day appeared first on Help Net Security.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/suF6M4sMDj0/
Related news
- Malicious ads exploited Internet Explorer zero day to drop malware (source)
- Microsoft September 2024 Patch Tuesday fixes 4 zero-days, 79 flaws (source)
- Microsoft fixes Windows Smart App Control zero-day exploited since 2018 (source)
- Microsoft fixes 4 exploited zero-days and a code defect that nixed earlier security fixes (source)
- Patch Tuesday for September 2024: Microsoft Catches Four Zero-Day Vulnerabilities (source)
- Microsoft confirms IE bug squashed in Patch Tuesday was exploited zero-day (source)
- Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws (source)
- Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572) (source)
- Patch Tuesday: Internet Explorer Vulnerabilities Still Pose a Problem (source)
- Week in review: Microsoft fixes two exploited zero-days, SOC teams are losing trust in security tools (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-23 | CVE-2019-1367 | Out-of-bounds Write vulnerability in Microsoft Internet Explorer 10/11/9 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. | 7.6 |