Microsoft has unexpectedly released out-of-band security updates to fix vulnerabilities in Internet Explorer and Microsoft Defender. The IE zero-day bug is deemed “critical”, as it’s being actively exploited to achieve partial or complete control of a vulnerable systems.
CVE-2019-1367 is a memory corruption vulnerability in the scripting engine that could be exploited to achieve remote code execution.
An attacker who successfully exploited the vulnerability could gain the same user rights as the current user – if the user is logged on with administrative user rights, that means the attacker gets complete control over the system.
