Situation
Microsoft has issued an out-of-band security patch to address critical vulnerabilities in Internet Explorer and Microsoft Defender.
Problem
The security patch addresses two vulnerabilities:
1. An Internet Explorer remote code execution vulnerability exists in the way that the scripting engine handles objects in memory.
2. A Microsoft Defender denial of service vulnerability caused by improperly handling files.
The vulnerabilities affect Windows 10, 8.1, and 7, as well as Windows Server 2019, 2016, 2012, 2012 R2, 2008, and 2008 R2.
Implication
The Internet Explorer vulnerability could allow an attacker to corrupt memory in such a way that arbitrary code executes in the context of the current user. The attacker could then install programs; view, change, or delete data; or create new accounts.
The Microsoft Defender vulnerability, if successfully exploited by an attacker, could prevent legitimate accounts from executing legitimate system binaries.
Need
Install the most recent security patch for Microsoft Defender and Internet Explorer. Patches and version information for each affected Windows platform can be found below.
Internet Explorer:
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1367#ID0EGB
Microsoft Defender:
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1255