Microsoft Issues Windows Security Update for 0Day Vulnerability
Microsoft has released an unscheduled security update to address two security vulnerabilities in its products. One of the flaws, tracked as CVE-2019-1367, is a zero-day remote code execution (RCE) vulnerability in Internet Explorer that is being actively exploited by threat actors. Microsoft warns that “if the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system.”
The second flaw, tracked as CVE-2019-1255, is a denial of service (DoS) vulnerability affecting Microsoft Defender. According to Microsoft, “an attacker could exploit the vulnerability to prevent legitimate accounts from executing legitimate system binaries.” However, the flaw can only be exploited by an attacker who can already execute code on a targeted system.