top of page
news602

Critical Windows Security Warnings

Microsoft issued two emergency Windows updates on November 24, 2019 to protect against "critical" and "important" vulnerabilities impacting Internet Explorer 9 (on Windows Server 2008,) Internet Explorer 10 (on Windows Server 2012/R2,) Internet Explorer 11 (on Windows 7, 8.1,10, Server 2008, Server 2012, Server 2016 and Server 2019) and Windows Defender, the anti-virus software. The vulnerability, confirmed as CVE-2019-1367, is described as a "scripting engine memory corruption vulnerability", could enable attackers to gain the same user rights as the current user and infect a computer.

Although Microsoft replaced Internet Explorer with the Edge browser in Windows 10, the software is still pre-installed on all versions of Windows. BleepingComputer reported, “the fix for an already exploited in the wild zero-day vulnerability has to be installed manually following a download from the Microsoft Update Catalog.”

The Windows Defender bug makes it possible for a remote attacker to take over a target system and prevent legitimate users from using the software.

Users must install the security update for Internet Explorer manually as Microsoft (MSFT) will not release an updated scan file until the next security release in October 2019, but the update for Windows Defender will be installed automatically.

1 view0 comments

Comments


bottom of page