Security News > 2019 > September > Microsoft drops emergency Internet Explorer fix for actively exploited zero-day
2019-09-24 08:14
Microsoft has unexpectedly released out-of-band security updates to fix vulnerabilities in Internet Explorer and Microsoft Defender. The IE zero-day bug is deemed “critical”, as it’s being actively exploited to achieve partial or complete control of a vulnerable systems. The Internet Explorer vulnerability (CVE-2019-1367) CVE-2019-1367 is a memory corruption vulnerability in the scripting engine that could be exploited to achieve remote code execution. An attacker who successfully exploited the vulnerability could gain the same user rights … More → The post Microsoft drops emergency Internet Explorer fix for actively exploited zero-day appeared first on Help Net Security.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/suF6M4sMDj0/
Related news
- Microsoft May 2025 Patch Tuesday fixes 5 exploited zero-days, 72 flaws (source)
- Patch Tuesday: Microsoft fixes 5 actively exploited zero-days (source)
- Microsoft Fixes 78 Flaws, 5 Zero-Days Exploited; CVSS 10 Bug Impacts Azure DevOps Server (source)
- Hackers exploit VMware ESXi, Microsoft SharePoint zero-days at Pwn2Own (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-23 | CVE-2019-1367 | Out-of-bounds Write vulnerability in Microsoft Internet Explorer 10/11/9 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. | 7.5 |