Emergency updates for Windows Defender and Internet Explorer Zero-Day



Microsoft has released out-of-band security updates to fix a critical remote code execution vulnerability in Microsoft Internet Explorer that is being exploited in the wild, and a denial of service vulnerability in Microsoft Defender.

CVE-2019-1367 is a zero-day remote code execution vulnerability that exists in the way the scripting engine in Internet Explorer handles objects in memory. It is classified as a memory corruption vulnerability that allows an attacker to execute arbitrary code in the context of the current user. This critical zero-day in Microsoft Internet Explorer was discovered by Clément Lecigne of Google’s Threat Analysis Group.

An unprivileged attacker can exploit this vulnerability to gain the rights of the current user, and can take complete control of the system if that user is logged in with administrative privileges. A user can be tricked into visiting a malicious website with a vulnerable installation of Internet Explorer, which then executes arbitrary code. An attacker who gains full access to the system can install malicious software; access, modify or delete sensitive data present on the system; or launch further attacks by creating new user accounts on the compromised system.

Microsoft has also released an out-of-band security update for an important vulnerability in Microsoft Defender, the anti-malware component of Microsoft Windows. A flaw exists in the way Microsoft Defender handles files. This flaw allows attackers to prevent execution of legitimate system binaries by legitimate accounts. Disrupting the Windows Defender service lets an attacker infect the system with malware at a lower risk of being detected.

In order to exploit this vulnerability, an attacker needs to have execution permissions on the target machine. However, there is no shortage of bugs that facilitate remote code execution. Nevertheless, it becomes our responsibility to keep our systems up-to-date to stay secure.

Microsoft has released patches for CVE-2019-1367 and is aware of instances of exploitation, but there is no clear information about the specific malware or threat groups using this vulnerability. We urge system administrators to install these patches as a priority.

Microsoft has also released updates for CVE-2019-1255, which will be installed automatically through the auto-update feature of the Malware Protection Engine on Windows systems. Microsoft also mentions:

 "Administrators of enterprise antimalware deployments should ensure that their update management software is configured to automatically approve and distribute engine updates and new malware definitions. Enterprise administrators should also verify that the latest version of the Microsoft Malware Protection Engine and definition updates are being actively downloaded, approved and deployed in their environment."
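The verification Microsoft asks for above can be scripted. The following PowerShell health check is an added example, not code from the advisory or from Microsoft; it assumes the built-in Defender PowerShell module (Windows 10 / Server 2016 or later) and takes the KB identifier of the Internet Explorer update as a parameter, because this page does not list KB numbers (the default value is a placeholder). It reports the Malware Protection Engine and signature versions, flags stale signatures, checks that the WinDefend service is running (the symptom a CVE-2019-1255 denial of service would produce), and confirms whether the CVE-2019-1367 update is installed.

```powershell
# Added example (not from the original advisory): a defender-side health check
# for the two issues discussed above. Assumes the built-in Defender PowerShell
# module (Windows 10 / Server 2016 or later). The page lists no KB numbers, so
# the IE update identifier below is a placeholder the operator must replace.
param(
    # Placeholder: replace with the KB identifier of the CVE-2019-1367 update
    # for this OS build, taken from the Microsoft advisory.
    [string]$IeUpdateKb = 'KB0000000',
    # Signatures older than this many days are flagged as stale.
    [int]$MaxSignatureAgeDays = 3
)

$findings = @()

# 1. Is the Defender service (WinDefend) actually running? CVE-2019-1255 is a
#    denial-of-service bug, so a stopped engine is the symptom to watch for.
$svc = Get-Service -Name WinDefend -ErrorAction SilentlyContinue
if (-not $svc -or $svc.Status -ne 'Running') {
    $findings += "WinDefend service is not running (status: $($svc.Status))"
}

# 2. Engine and signature versions, as Microsoft's guidance asks admins to verify.
$status = Get-MpComputerStatus
$sigAge = (Get-Date) - $status.AntivirusSignatureLastUpdated
if ($sigAge.TotalDays -gt $MaxSignatureAgeDays) {
    $findings += ("Signatures last updated {0:yyyy-MM-dd}, {1:N0} days ago" -f `
        $status.AntivirusSignatureLastUpdated, $sigAge.TotalDays)
}
if (-not $status.RealTimeProtectionEnabled) {
    $findings += 'Real-time protection is disabled'
}

# 3. Is the out-of-band Internet Explorer update present?
$ieFix = Get-HotFix -Id $IeUpdateKb -ErrorAction SilentlyContinue
if (-not $ieFix) {
    $findings += "Update $IeUpdateKb for CVE-2019-1367 is not installed"
}

# Summary object, suitable for export to CSV or ingestion by an inventory tool.
[pscustomobject]@{
    ComputerName          = $env:COMPUTERNAME
    EngineVersion         = $status.AMEngineVersion
    SignatureVersion      = $status.AntivirusSignatureVersion
    SignatureLastUpdated  = $status.AntivirusSignatureLastUpdated
    DefenderServiceStatus = if ($svc) { $svc.Status } else { 'Missing' }
    IeUpdateInstalled     = [bool]$ieFix
    Findings              = $findings
}

# Exit non-zero when anything needs attention, so the script can be scheduled
# or run through remote management and the result acted on automatically.
if ($findings.Count -gt 0) { exit 1 }
```

Run it as an administrator on each endpoint (for example through a scheduled task or a remote session); a non-zero exit code or a non-empty Findings list means the machine still needs attention. Get-MpComputerStatus, Get-Service and Get-HotFix are standard Windows cmdlets; only the KB identifier and the signature-age threshold are assumptions.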

Impact

Successful exploitation of CVE-2019-1367 allows an unprivileged attacker to execute arbitrary code and, if the current user has administrative privileges, take control of the entire system; successful exploitation of CVE-2019-1255 causes a denial of service in Microsoft Defender.


Solution

Please refer to this KB Article to apply the patches using SanerNow.
