Microsoft November Patch Tuesday Out With Internet Explorer Zero-Day

by Abeerah Hashim

This Tuesday, Microsoft released its scheduled Patch Tuesday updates for November. These include fixes for a serious zero-day flaw affecting Internet Explorer and 73 other bugs.

Zero-Day Flaw In Internet Explorer

Reportedly, multiple researchers found a zero-day vulnerability in Internet Explorer that was being actively exploited in numerous attacks.

The vulnerability existed in the way the scripting engine handles objects in memory. When triggered, it allowed an attacker to execute arbitrary code remotely on the target system in the context of the current user. This was particularly dangerous if the current user had admin access to the system.

Describing this critical vulnerability, CVE-2019-1429, in an advisory, Microsoft stated:

In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked “safe for initialization” in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.

Unfortunately, criminal hackers learned of this vulnerability before public disclosure and exploited it in the wild. However, Microsoft has now fixed the bug in the Patch Tuesday update bundle.

Other Microsoft November Patch Tuesday Updates

In addition to the zero-day, Microsoft also fixed 12 critical security flaws. All of these could allow remote code execution if exploited. It also fixed 61 important-severity vulnerabilities. If exploited, these could lead to spoofing, denial of service, information disclosure, privilege escalation, security feature bypass, and remote code execution.

In all, with this update, Microsoft patched 74 different bugs affecting Microsoft Windows, Microsoft Edge, Internet Explorer, Microsoft Office and Microsoft Office Services and Web Apps, Microsoft Exchange Server, ChakraCore, Visual Studio, Open Source Software, and Azure Stack.

Let us know your thoughts in the comments.
