IE Zero-day  - Microsoft 2Bsecurity 2Bupdates - Microsoft Fixed 74 Bugs Including IE Zero-day that Under Active Attack

released a security update for November under patch Tuesday and fixed 74 security vulnerabilities that affected various products.

Out of 74 vulnerabilities, 13 are marked as “Critical” severity, 61 vulnerabilities categorized as “Important” severity.

The November security release consists of security updates for the following software:

  • Microsoft Windows
  • Internet Explorer
  • Microsoft Edge (EdgeHTML-based)
  • ChakraCore
  • Microsoft Office and Microsoft Office Services and Web Apps
  • Open Source Software
  • Microsoft Exchange Server
  • Visual Studio
  • Azure Stack

Internet Explorer Zero-day Under Active Attack

Microsoft fixed an IE Zero-day remote code execution vulnerability (CVE-2019-1429) that resides in the scripting engine handles objects in memory in Internet Explorer and the vulnerability actively exploiting in wide.

If the attackers successfully exploit the vulnerability, They could corrupt the memory and execute arbitrary code in the context of the current user.

If the users logged in the system as admin, an attacker who successfully exploited the vulnerability could take complete control of an affected system.

Once the attacker gains access, He/she could then install programs; view, change or delete data even create a new account with the complete user rights.

The IE zero-day vulnerability discovered and reported by Project Zero, and the vulnerability is still actively exploited in wide.

Microsoft Exchange and Edge RCE

Microsoft also fixed several critical remote code execution vulnerability (CVE-2019-1373) in Microsoft Exchange An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the logged-in user.

Another remote code execution vulnerability (CVE-2019-1426) has been fixed that exists in the way that the scripting engine handles objects in memory in Microsoft Edge. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Microsoft Security Update – Critical Vulnerabilities list

Microsoft
Exchange Server
CVE-2019-1373 Microsoft Exchange Remote Code
Execution Vulnerability
Critical
Microsoft
Graphics Component
CVE-2019-1441 Win32k Graphics
Remote Code Execution Vulnerability
Critical
Microsoft Graphics Component CVE-2019-1419 OpenType Font
Parsing Remote Code Execution Vulnerability
Critical
Microsoft Scripting Engine CVE-2019-1426 Scripting Engine
Memory Corruption Vulnerability
Critical
Microsoft
Scripting Engine
CVE-2019-1429 Scripting Engine
Memory Corruption Vulnerability
Critical
Microsoft
Scripting Engine
CVE-2019-1427 Scripting Engine
Memory Corruption Vulnerability
Critical
Servicing Stack Updates ADV990001 Latest Servicing
Stack Updates
Critical
Windows Hyper-V CVE-2019-1398 Windows Hyper-V
Remote Code Execution Vulnerability
Critical
Windows Hyper-V CVE-2019-0719 Hyper-V Remote
Code Execution Vulnerability
Critical
Windows Hyper-V CVE-2019-1397 Windows Hyper-V
Remote Code Execution Vulnerability
Critical
Windows Hyper-V CVE-2019-0721 Hyper-V Remote
Code Execution Vulnerability
Critical
Windows
Hyper-V
CVE-2019-1389 Windows Hyper-V
Remote Code Execution Vulnerability
Critical
Windows Media Player CVE-2019-1430 Microsoft
Windows Media Foundation Remote Code Execution Vulnerability
Critical

Since the zero-day under active attack, Microsoft strongly recommended installing these security updates for all the windows users to avoid the security risk and protect your Windows.

You can refer the complete patch details for the full list of vulnerabilities resolved, advisories, in the November 2019 Patch here.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates





Source link

No tags for this post.

LEAVE A REPLY

Please enter your comment!
Please enter your name here