Business

News

 
More...

Alerts

 
More...

Events

 
More...
 
     
 

Microsoft Internet Explorer and Windows Defender flaw

 

Systems Affected


Internet Explorer version 9, 10 and 11
Windows Defender shipped with Windows 8

Threat Level


High


Overview


An Attacker could perform remote code execution on IE and denial-of-service attack on Microsoft defender.


Description


  ✦  CVE-2019-1367: There is a Remote code execution the way Microsoft's scripting engine handles objects in memory in Internet Explorer. An attacker could hijack a Windows PC just by convincing the users to visit a specially crafted webpage hosted online using Internet Explorer.
By doing this the attacker could gain the same user rights as the current user. If the user logged on with administrative account the attacker would get the same privileges.
  ✦  CVE-2019-1255: According to the Microsoft advisory an attacker could exploit this vulnerability to prevent legitimate accounts from executing legitimate system binaries.


Impact


  ✦  Execute arbitrary code
  ✦  Data modifications
  ✦  Denial-of-service
  ✦  Interruption of day to day tasks for the users


Solution/ Workarounds


  ✦  Highly recommended to user an alternative web browser till Microsoft patch the issue
  ✦  Update Microsoft defender with the latest patch.


References


  ✦  https://nvd.nist.gov/vuln/detail/CVE-2019-1255
  ✦  https://nvd.nist.gov/vuln/detail/CVE-2019-1367


Disclaimer


The information provided herein is on "as is" basis, without warranty of any kind.


 
     

© Copyright Sri Lanka CERT|CC. All Rights Reserved.