Microsoft Issues Out-of-Band Patch for Internet Explorer
The security update fixes a vulnerability that could allow an attacker to remotely execute code at the same privilege as the legitimate user.
Microsoft today released an off-cycle patch for a zero-day memory corruption vulnerability in Internet Explorer.
CVE-2019-1367 is a flaw that can corrupt memory in such a way that an attacker could execute arbitrary code in Internet Explorer, and do so in the context (at the permission level) of the current user.
In the worst case, an attacker could install programs, view, change, and delete data, and create new user accounts with full user privileges, while the legitimate user is logged in as an admin.
According to Microsoft, the patch remediates the vulnerability by changing the way in which the scripting engine handles objects in memory.
For more, read here.
Check out The Edge, Dark Reading's new section for features, threat data, and in-depth perspectives. Today's top story: "The 20 Worst Metrics in Cybersecurity."
About the Author(s)
You May Also Like
Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024Where and Why Threat Intelligence Makes Sense for Your Enterprise Security Strategy
May 15, 2024Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks
May 16, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024