Microsoft Patches IE Zero-Day Bug


Microsoft released fixes for 75 vulnerabilities during this month’s patch update round, including one zero-day flaw in Internet Explorer.





The bug in question, CVE-2019-1429, exists in the way the scripting engine handles objects in memory in the browser, corrupting memory so an attacker can execute arbitrary code, according to Microsoft.





“An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” it explained.





“In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked 'safe for initialization' in an application or Microsoft Office document that hosts the IE rendering engine.”



An attacker could also take advantage of compromised websites and those that accept or host user-provided content or ads, Microsoft continued.





Another one to watch is CVE-2019-1457, a publicly disclosed vulnerability in Excel that could be used to bypass security features.





“An attacker could embed a control in an Excel worksheet that specifies a macro should be run. Wha ..
