Critical vulnerability in Internet Explorer
Microsoft has released an emergency patch for a critical vulnerability in Internet Explorer.
With the critical vulnerability in Internet Explorer attackers could take over the entire system through the vulnerability.
For users of Internet Explorer, a new security patch has already been released that is not yet available through the Windows Update.
The security risk is related to the script engine and how these objects are handled in the memory area of the Internet Explorer. The vulnerability could allow attackers to execute arbitrary code in the system.
Attacker can take over complete system
Microsoft describes a scenario: "In a Web-based attack scenario, an attacker could host a specially crafted Web site designed to exploit the vulnerability via Internet Explorer and then convince a user to view the Web site, e.g. by sending an e-mail."
If the victim can be successfully lured to a bad website and the user is also logged on with administrative user rights, an attacker who successfully exploits the vulnerability can take control of the affected system. Afterwards the attacker could install programs, view, change or even delete data. Even accounts with full user rights could be created.
The security update CVE-2019-1367 provided by Microsoft addresses the vulnerability by changing how the script engine handles objects in memory.