Microsoft pushed Out-of-Band Update for Critical RCE bug for Windows

Now, this week is going to be a bad week for Microsoft as well as Windows users, all because of the security issues dropping out. Multiple security bugs like critical Windows remote code execution vulnerability that was "wormable" and highly dangerous if ever exploited followed by Windows 10 latest update broke Windows Defender and many more.
Here is another critical security issues have been dropped for Windows users which are already been widely exploited.
The vulnerability, identified as CVE-2019-1367, is described as a "scripting engine memory corruption vulnerability" that impacts Internet Explorer 9 (on Windows Server 2008,) Internet Explorer 10 (on Windows Server 2012) and Internet Explorer 11 (on Windows 7, 8.1, Server 2008, Server 2012, Server 2019 and Windows 10.)
The worst thing with this bug is that the attacker just needs to trick the victim to visit a crafted site, which triggers memory corruption and allow arbitrary code to be executed "in the context of the current user", allows full control over the system.
What does that mean? If a threat actor successfully convinced you to visit the rogue website, by way of a phishing email for example, and you happened to be logged into Windows as an administrator, then full control of your system could be achieved. Malware could be installed, files could be deleted and new accounts created. Be in no doubt; this is a critical vulnerability and one that is already being exploited according to the Microsoft security update guide confirmation.

Good News With Bad Taste
For the fix of this bug, Microsoft has made the out of band security update, but it also says an updated scan file will not be available until the next security release in October 2019. So if you want to fix your system with this code execution bug then you have to apply the patch manually after downloading it. 

Furthermore, Software giants also gave another mitigation for some windows users, but it also says that this will not completely put users on the safe side. So it's clear that either you manually patch your system or wait till October updates.

Related Posts

Post a Comment

Subscribe Our Newsletter