Microsoft has identified and patched two serious vulnerabilities, one of which allowed hackers full control over the target system. The remote code execution zero-day vulnerability was found in Internet Explorer versions 9, 10 and 11, and allowed hackers to gain admin rights for a target system, or create new user accounts with admin rights, if necessary.
It dubbed the vulnerability CVE-2019-1367, and described it like this:
"A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer."
The vulnerability, which was first discovered by Clément Lecigne from Google's Threat Analysis Group, allows hackers to execute arbitrary code, which means successful exploitation of the flaw would allow hackers to gain the same user rights as the current user. And if the current user has admin rights – they get admin rights, too.
With admin rights, further compromise is easy, as attackers could install programs, change and delete data and tamper with the system.
The second vulnerability, dubbed CVE-2019-1255, is a denial-of-service vulnerability in Microsoft Defender. It is not as dangerous, but could be used to prevent legitimate accounts from executing legitimate system binaries.
First uncovered by F-Secure Countercept’s Charalampos Billinis and Wenxu Wu from Tencent Security Xuanwu Lab, the vulnerability requires the hacker to first gain access rights on the victim system.
It doesn’t seem to be exploited at the moment.