HomeWinBuzzer NewsMicrosoft Rolls out Emergency Update to Fix Critical Internet Explorer Flaw

Microsoft Rolls out Emergency Update to Fix Critical Internet Explorer Flaw

A critical Internet Explorer bug incorrectly handles objects in memory, letting attackers gain the same rights as a user via a specially crafted webpage.

-

is rolling out an update to all variants of to fix a dangerous flaw in Internet Explorer. Known as CVE-2019-1367, the bug lets an attacker gain the same rights as the current user by exploting the way the scripting engine handles objects in memory.

“If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights,” explained Microsoft.

“In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website, for example, by sending an email.”

The patch is an out-of-band update, meaning it doesn't follow Microsoft's regular schedule of Patch Tuesday rollouts. It's essentially an emergency fix, with the company deeming it a critical bug for many IE versions. The patch adjusts how the scripting engine handles the objects, removing the ability to gain user rights.

The rollout additionally patches CVE-2019-1255, a denial of service flaw in . With this bug, a hacker could exploit the anti-virus' improper handling of files to stop users from running legitimate binaries.

Those who don't want to wait for the update to reach them can find updates for Windows 10 and IE versions here. The quick patch follows an incident in May where a researcher published a zero-day IE exploit after Microsoft failed to address it.

Microsoft's cybersecurity lead has previously noted that Internet Explorer is a legacy tool and should be avoided. Chromium Edge will soon release with an IE Mode, which lets users view old webpages while using a modern browser.

SourceMicrosoft
Ryan Maskell
Ryan Maskellhttps://ryanmaskell.co.uk
Ryan has had a passion for gaming and technology since early childhood. Fusing the skills from his Creative Writing and Publishing degree with profound technical knowledge, he enjoys covering news about Microsoft. As an avid writer, he is also working on his debut novel.

Recent News