Security News > 2019 > September > Microsoft drops emergency Internet Explorer fix for actively exploited zero-day

Microsoft drops emergency Internet Explorer fix for actively exploited zero-day
2019-09-24 08:14

Microsoft has unexpectedly released out-of-band security updates to fix vulnerabilities in Internet Explorer and Microsoft Defender. The IE zero-day bug is deemed “critical”, as it’s being actively exploited to achieve partial or complete control of a vulnerable systems. The Internet Explorer vulnerability (CVE-2019-1367) CVE-2019-1367 is a memory corruption vulnerability in the scripting engine that could be exploited to achieve remote code execution. An attacker who successfully exploited the vulnerability could gain the same user rights … More → The post Microsoft drops emergency Internet Explorer fix for actively exploited zero-day appeared first on Help Net Security.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/suF6M4sMDj0/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2019-09-23 CVE-2019-1367 Out-of-bounds Write vulnerability in Microsoft Internet Explorer 10/11/9
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'.
network
high complexity
microsoft CWE-787
7.5

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 480 75 2308 5127 264 7774