Microsoft Patches Internet Explorer Zero-Day Reported by Google
Microsoft’s Patch Tuesday updates for February 2019 deal with greater than 70 vulnerabilities, together with an Internet Explorer flaw that Google researchers have noticed being exploited in assaults.
This zero-day vulnerability is tracked as CVE-2019-0676 and it’s been described by Microsoft as a data disclosure factor that exists because of the best way Internet Explorer handles items in reminiscence.
An attacker can exploit the flaw to check for the presence of recordsdata at the focused instrument’s disk, however the sufferer will have to be tricked into opening a malicious web page the use of a susceptible model of Internet Explorer.
The safety hollow affects Internet Explorer 11. Microsoft has lately urged customers to forestall the use of IE as their default browser because of the protection dangers related to the appliance, which the tech large now describes as a “compatibility solution.”
Microsoft has credited Clement Lecigne of Google’s Threat Analysis Group for reporting the vulnerability. It’s price noting that Lecigne was once additionally credited by Microsoft in December for reporting a faraway code execution flaw in Internet Explorer nine and 11 (CVE-2018-8653) that had additionally been exploited in assaults when a patch was once launched.
No main points had been shared about those assaults, however since CVE-2018-8653 were exploited in focused assaults, chances are high that that it’s the similar with CVE-2019-0676 as neatly.
It’s additionally price noting that Lecigne was once credited by Apple remaining week for 2 iOS zero-day vulnerabilities that were exploited within the wild.
Microsoft’s newest safety updates additionally unravel a number of vulnerabilities whose main points have been made public ahead of a patch was once launched. The listing features a privilege escalation factor associated with Exchange Server, which a researcher disclosed in overdue January.
One knowledge disclosure flaw in Windows and two Team Foundation Server weaknesses have been additionally marked by Microsoft as “publicly disclosed.”
Trend Micro’s Zero Day Initiative has analyzed the entire advisories revealed by Microsoft and studies that 20 vulnerabilities had been described as “critical” and 54 as “important.” The vital flaws affect Internet Explorer, Edge, SharePoint, and Windows, they usually all permit faraway code execution.
Adobe’s Patch Tuesday updates unravel vulnerabilities in Acrobat and Reader, Flash Player, ColdFusion and Creative Cloud. The main points of 1 flaw impacting Reader have been made public in overdue January.