Microsoft has released emergency out-of-band security updates for Windows and Windows Server that fix two critical security issues: an Internet Explorer zero-day vulnerability (CVE-2019-1367) and a Microsoft Defender vulnerability (CVE-2019-1255)
Microsoft has released an emergency security update that fixes two critical security issues: a zero-day vulnerability in the Internet Explorer scripting engine that has already been reported, and a bug in Microsoft Defender.
These updates fall outside the traditional release schedule: Microsoft typically releases security updates on the second Tuesday of the month. The company rarely breaks this rule, and today is one such case.
- Update KB4522016 (Build 18362.357) for Windows 10, Version 1903
- Update KB4522015 (Build 17763.740) for Windows 10, Version 1809
- Update KB4522014 (Build 17134.1009) for Windows 10, Version 1803
- Update KB4522012 (Build 16299.1392) for Windows 10, Version 1709
- Update KB4522011 (Build 15063.2046) for Windows 10, Version 1703
- Update KB4522010 (Build 14393.3206) for Windows 10, Version 1607
- Update KB4522009 (Build 10240.18334) for Windows 10, Version 1507
Users are encouraged to install the updates as soon as they become available for their OS.
Zero-Day Vulnerability
Of the two problems fixed, the zero-day vulnerability in Internet Explorer is the more important, since real cases of its exploitation have already been recorded.
Details of the attacks are still shrouded in mystery, because Microsoft is reluctant to disclose them. We only know that Microsoft learned about the problem from Clement Lecigne, a member of Google's Threat Analysis Group.
This Google team earlier this year found zero-day attacks on iOS devices directed against members of the Chinese Uyghur community, as well as Android and Windows users. It is unclear whether the issue fixed in IE is related to these attacks.
The fix addresses a very serious security issue that could lead to remote code execution.
According to Microsoft, “this vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.”
Microsoft described the attack as follows:
An attacker who successfully exploited a vulnerability gains the same rights as the current user. If the current user is logged on with administrator rights, an attacker could take full control of a vulnerable system. After that, he will be able to install programs, view, modify or delete data or create new accounts with full privileges.
To carry out an attack, an attacker must lure a victim who uses Internet Explorer to a malicious website, which is a rather trivial social engineering task. Typical lures include spam email, IM spam, search engine advertising, malicious advertising campaigns, etc.
There is some good news. According to StatCounter, Internet Explorer’s share fell to 1.97%. This means that the number of potential victims is relatively small, and the attacks will be limited in scope.
The fixed vulnerability is registered under the identifier CVE-2019-1367. In its security advisory, Microsoft lists various workarounds to protect systems where the update cannot be installed immediately.
Bug in Microsoft Defender
The second fixed issue is a Denial of Service (DoS) vulnerability in Microsoft Defender, the standard system antivirus formerly known as Windows Defender. Microsoft Defender ships with Windows 8 and later versions of Windows, including Windows 10.
Microsoft reports that “an attacker could exploit a vulnerability to prevent trusted accounts from executing secure system binaries.”
An attack will not be easy. An attacker must not only gain access to the victim’s system, but also be able to run code on it.
This vulnerability allows cybercriminals with the rights to “execute code” on the victim’s PC to disable Microsoft Defender components. After that, many ways of executing malicious code become available to them, for example attacks using fileless threats.
Microsoft has released version 1.1.16400.2 of the Microsoft Defender engine to fix this problem.
This vulnerability is registered as CVE-2019-1255. Microsoft says the problem was discovered by researchers from F-Secure and Tencent.
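A quick way to check a machine against the build numbers in the update list and the Defender engine version given above; this is an added example, not Microsoft's tooling. The function name and status labels are hypothetical, the sample inputs are constructed, and it assumes that later cumulative revisions of the same build also carry the fix, which should be confirmed against each update's release notes.

```powershell
# Minimum revision (UBR) per Windows 10 build, taken from the KB list on this page.
$MinUbr = @{
    18362 = 357     # 1903, KB4522016
    17763 = 740     # 1809, KB4522015
    17134 = 1009    # 1803, KB4522014
    16299 = 1392    # 1709, KB4522012
    15063 = 2046    # 1703, KB4522011
    14393 = 3206    # 1607, KB4522010
    10240 = 18334   # 1507, KB4522009
}
$MinEngine = [version]'1.1.16400.2'   # Defender version that fixes CVE-2019-1255

function Test-EmergencyUpdateLevel {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][int]$Build,
        [Parameter(Mandatory)][int]$Ubr,
        [string]$EngineVersion          # empty when Defender cannot be queried
    )
    # OS side: a build missing from the list is reported as Unknown, never as fixed.
    # Assumption: a higher UBR on the same build includes the CVE-2019-1367 fix.
    if ($MinUbr.ContainsKey($Build)) {
        $os = if ($Ubr -ge $MinUbr[$Build]) { 'AtOrAbove' } else { 'Below' }
    } else {
        $os = 'Unknown'
    }
    # Defender side: compare as [version]; a string compare would misorder
    # 1.1.9999.0 and 1.1.16400.2.
    $parsed = $null
    if ($EngineVersion -and [version]::TryParse($EngineVersion, [ref]$parsed)) {
        $engine = if ($parsed -ge $MinEngine) { 'AtOrAbove' } else { 'Below' }
    } else {
        $engine = 'Unknown'
    }
    [pscustomobject]@{
        OSBuild        = "$Build.$Ubr"
        CVE_2019_1367  = $os
        DefenderEngine = $EngineVersion
        CVE_2019_1255  = $engine
    }
}

# Constructed sample inputs: unpatched 1903, patched 1809, build not in the list.
Test-EmergencyUpdateLevel -Build 18362 -Ubr 356 -EngineVersion '1.1.16300.1'
Test-EmergencyUpdateLevel -Build 17763 -Ubr 740 -EngineVersion '1.1.16400.2'
Test-EmergencyUpdateLevel -Build 9600 -Ubr 19000 -EngineVersion ''

# The local machine: build and UBR from the registry, engine version from Defender.
$cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
Test-EmergencyUpdateLevel -Build ([int]$cv.CurrentBuild) -Ubr ([int]$cv.UBR) -EngineVersion $mp.AMEngineVersion
```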