The team of Microsoft security response announced the launch of emergency patches for all versions of Windows with support due to two important vulnerabilities in Internet Explorer and Microsoft Defender (formerly called Windows Defend).
In the case of Internet Explorer, the problem is especially important since, as Microsoft has indicated in its security portal, has been actively exploited, although they have not offered more details about it.
The vulnerability identified as CVE-2019-1255 affects the Microsoft Defender antivirus that is included by default in Windows 10. It is a denial of service vulnerability that can be exploited by an attacker to prevent the execution of legitimate system binaries, and has been corrected by ensuring that Microsoft Defender handles files correctly.
The patches have been issued for Windows 10 (all versions with support), Windows 8.1, Windows 7, the versions of Windows Server with current support.
The browser that is no longer a browser, just a problem
The vulnerability identified as CVE-2019-1367 allows remote code execution taking advantage of the way the scripting engine handles memory objects in Internet Explorer. The failure could corrupt memory in such a way that an attacker can execute arbitrary code and obtain the same user privileges as the current user.
If the user has administrative privileges, the attacker could take control of the affected system to install programs, view, change or delete data, or create new accounts with all user privileges.
The problem affects Internet Explorer 9, 10, and 11 and the patches have been issued for Windows 7, Windows 8.1, and all versions with current support of Windows 10 (1709, 1803, 1809, and 1903). Due to the severity of the problem and it was being exploited, Microsoft has released emergency patches outside its customary agenda.
Although the use of Internet Explorer has been advised against for years and years, and even Microsoft itself recently explicitly asked to stop using it explaining that it was no longer a browser but a compatibility solution, the infamous IE still has more than 4% market share.
It may seem very little, but it is the same quota that Microsoft Edge has, it is very close to Safari and it is much more than alternative solutions such as Opera, Brave or Vivaldi reach. If you know someone who still uses it, please beg him to stop. And if they need it for some reason, the Microsoft Edge based on Chromium allows you to run it in a secure tab.
Microsoft sharing emergency fixes two critical bugs of Internet Explorer and Microsoft Defender in all versions of Windows