Systems Affected
Internet Explorer versions 9, 10 and 11
Windows Defender shipped with Windows 8
Threat Level
Overview
An attacker could perform remote code execution on Internet Explorer and a denial-of-service attack on Microsoft Defender.
Description
✦ CVE-2019-1367: A remote code execution vulnerability exists in the way Microsoft's scripting engine handles objects in memory in Internet Explorer. An attacker could hijack a Windows PC just by convincing the user to visit a specially crafted webpage hosted online using Internet Explorer.
By doing this, the attacker could gain the same user rights as the current user. If the user is logged on with an administrative account, the attacker would get the same privileges.
✦ CVE-2019-1255: According to the Microsoft advisory, an attacker could exploit this vulnerability to prevent legitimate accounts from executing legitimate system binaries.
Impact
✦ Execute arbitrary code
✦ Data modifications
✦ Denial-of-service
✦ Interruption of day-to-day tasks for the users
Solution/Workarounds
✦ It is highly recommended to use an alternative web browser until Microsoft patches the issue.
✦ Update Microsoft Defender with the latest patch.
References
✦ https://nvd.nist.gov/vuln/detail/CVE-2019-1255
✦ https://nvd.nist.gov/vuln/detail/CVE-2019-1367
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.