Microsoft has issued an emergency Windows zero-day flaw patch to fix two critical vulnerabilities that affect Internet Explorer and Windows Defender…
Software giant Microsoft has made an emergency Windows zero-day defect to address two issues. The problems negatively impact Internet Explorer and Windows Defender, alike.
Windows Pushes Out Windows Internet Explorer Zero-Day Flaw Patch
The flaws — indexed as CVE-2019-1367 and CVE-2019-1255 — makes it possible for attackers to remotely take over a target system and then trigger a denial of service in Windows Defender.
One vulnerability is a zero-day risk for Internet Explorer, which affects versions 9, 10, 11 and is the most severe of the two. Microsoft warns in its advisory:
“In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website, for example, by sending an email.”
The very fact Microsoft broke away from its normal update schedule to push out the fixes and to explicitly warn users underscores just how serious these threats are.
— Security Response (@msftsecresponse) September 23, 2019