Microsoft fixes critical vulnerability in Internet Explorer
The technology company detected two vulnerabilities in sending the corresponding patches to all versions of Windows with security support, one for Microsoft Defender and the other for Internet Explorer (IE)
Microsoft has announced through the Security Response Center the correction of the denial of service vulnerability (CVE-2019-1255) that affected Microsoft Defender.
This vulnerability prevented Microsoft Defender from correctly handling the files. As the company explains, its exploitation could “prevent legitimate accounts from executing legitimate binary files of the system.”
The second vulnerability (CVE-2019-1367) affected the Internet Explorer browser and, as Microsoft has acknowledged, it became exploited, although the company has not provided more details. In this case, it allowed remote code execution, and could corrupt the memory in IE.
If the attacker was successful, he could, as the company explains, obtain the same administrative privileges as the current user and take control of the affected system to install programs, modify or delete data, or create new accounts with user privilege.
The patch that addresses this vulnerability modifies the way the scripting engine manages objects in IE memory. The two vulnerability fixes have been distributed to all versions of Windows with active security support.
Source: dpa
