Microsoft has urgently patched two security vulnerabilities, one of which is an actively exploited zero-day.
Microsoft has issued an urgent fix for a zero-day vulnerability under active exploitation. The vendor describes it as a scripting engine memory corruption vulnerability affecting Internet Explorer.
Elaborating on this vulnerability (CVE-2019-1367) in their advisory, Microsoft stated,
It means that, if exploited, the flaw could let the attacker gain the same user rights as the current user. This was particularly dangerous if the user had admin rights. In such a case, the attacker could take complete control of the system. This includes installing programs, modifying or deleting data, and creating accounts with full user rights.
Triggering this bug wasn’t so difficult either.
While the bug remained publicly undisclosed, Microsoft confirmed active exploitation of this flaw.
Apart from the urgently patched zero-day, Microsoft also fixed another serious vulnerability that affected Microsoft Defender.