Published on: 24 September 2019
Last update on: 04 October 2019
Microsoft has released out-of-band security updates addressing vulnerabilities in Internet Explorer and Microsoft Defender. An attacker could entice a user to visit a malicious web page to exploit the Internet Explorer vulnerability, or cause a specially crafted file to be scanned to exploit the Microsoft Defender vulnerability.
Reports indicate that active exploitation of the vulnerability in Microsoft Internet Explorer (CVE-2019-1367) for remote code execution has been observed. Users are advised to take immediate action to patch their affected systems to mitigate the elevated risk of cyber attacks.
Microsoft has released another out-of-band security update to address a printing issue identified in the previous fix for the Internet Explorer vulnerability (CVE-2019-1367). Users of affected systems should apply the latest security update to fix the issue.
Successful exploitation of the vulnerabilities could lead to remote code execution or denial of service on an affected system.
Patches for affected products are available from Windows Update / Microsoft Update Catalog. Users of affected systems should follow the recommendations provided by the product vendor and take immediate action to mitigate the risk.
System administrators are advised to grant administrative privileges to users only on an as-needed basis. To mitigate the risk of vulnerability exploitation, users should avoid browsing the Internet using accounts with administrative privileges.
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1255
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1367
https://www.hkcert.org/my_url/en/alert/19092401
https://www.us-cert.gov/ncas/current-activity/2019/09/23/microsoft-releases-out-band-security-updates
https://www.us-cert.gov/ncas/current-activity/2019/10/03/microsoft-re-releases-security-updates
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1255
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1367