Microsoft urgently fixed 0-day vulnerabilities in IE and Microsoft Defender

Microsoft developers released emergency patches for CVE-2019-1367 and CVE-2019-1255, fixing two 0-day vulnerabilities: one in the scripting engine of Internet Explorer and one in Microsoft Defender.

The more serious of the two problems is the vulnerability in Internet Explorer: it allows remote execution of arbitrary code in the context of the current user, and attackers are already exploiting it.

“A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user,” Microsoft's message says.

Microsoft has not yet released details about this vulnerability. The problem is said to be present in at least IE 9-11, and to carry out the attack, the attacker only needs to lure a user of a vulnerable version of Internet Explorer to a malicious site.

“In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website, for example, by sending an email,” Microsoft reports.

Interestingly, judging by the security bulletin, Windows users will for now have to download the patch from the Microsoft Update Catalog and install it manually on their systems.

A fix is not yet available through Windows Update.

Google experts discovered the problem in Internet Explorer. Recall that the same experts recently revealed attacks on iPhone users, and it was later reported that unknown attackers used similar tactics against Android and Windows users. However, it is not yet clear whether the 0-day bug the researchers discovered in IE is related to those attacks.


The vulnerability in Microsoft Defender (formerly Windows Defender), in turn, is a denial-of-service (DoS) problem.

Fortunately, to exploit this vulnerability, an attacker would first need to gain access to the victim’s system and find a way to execute code on it. If these conditions are met, the bug allows the attacker to disable Microsoft Defender components. However, an attacker who can already execute code on the victim’s computer has many other ways to run malicious code unnoticed, for example, fileless attacks.


About the author

Brendan Smith

Cybersecurity analyst with 15+ years digging into malware and threats, from early days reverse-engineering trojans to leading incident responses for mid-sized firms.

At Gridinsoft, I handle peer-reviewed breakdowns of stuff like AsyncRAT ransomware—last year, my guides helped flag 200+ variants in real scans, cutting cleanup time by 40% for users. Outside, I write hands-on tutorials on howtofix.guide, like step-by-step takedowns of pop-up adware using Wireshark and custom scripts (one post on VT alternatives got 5k reads in a month).

Certified CISSP and CEH, I’ve run webinars for 300+ pros on AI-boosted stealers—always pushing for simple fixes that stick, because nobody has time for 50-page manuals. Tools of the trade: Splunk for hunting, Ansible for automation, and a healthy dose of coffee to outlast the night shifts.
