Microsoft’s Patch Tuesday updates for November 2019 address 74 flaws, including an Internet Explorer vulnerability, tracked as CVE-2019-1429, that has been exploited in the wild.
The CVE-2019-1429 zero-day is a scripting engine memory corruption vulnerability that affects Internet Explorer 9, 10 and 11.
“A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user,” reads the security advisory.
The vulnerability could be exploited by an attacker to execute arbitrary code in the context of the current user by tricking the victims into visiting a specially crafted website with a vulnerable IE browser or into opening a
“In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked ‘safe for initialization’ in an application or Microsoft Office document that hosts the IE rendering engine,” continues the advisory. “The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.”
Microsoft addressed the flaw by modifying how the scripting engine handles objects in memory. The company has not identified any workarounds or mitigating factors for this issue.
Microsoft has credited Ivan Fratric from Google Project Zero, Clément Lecigne from Google’s Threat Analysis Group, an anonymous researcher from
Microsoft’s Patch Tuesday updates for November 2019 addressed
Of these 74 CVEs addressed by Microsoft, 13 are rated Critical and 61 are rated Important in severity. 15 vulnerabilities were reported through the ZDI program.
According to Trend Micro’s Zero Day Initiative (ZDI), several threat groups could start exploiting the CVE-2019-1429 zero-day now that the patch has been released and the fix can be reverse-engineered.
Microsoft also addressed a remote code execution vulnerability, tracked as CVE-2019-1373, in Microsoft Exchange. The vulnerability resides in the
“While this may be an unlikely scenario, it only takes one user to compromise the server. If that user has administrative privileges, they could hand over complete control to the attacker.” reads a post published by ZDI.
Other critical vulnerabilities addressed by Microsoft impact Windows, Internet Explorer, and Hyper-V.
“Looking through the Critical-rated patches, the updates for Hyper-V stand out the most. Five separate code execution bugs receive patches this month, and each could allow a user on the guest OS to execute code on the underlying host OS,” ZDI concludes.