November 2019 Threat Intelligence (CRITICAL ALERT)
This month, Microsoft has patched 74 vulnerabilities, 9 of which are critical. But this month’s Patch Tuesday arrives with a patch for a vulnerability in the Internet Explorer engine that hackers have previously exploited in the wild.
All users are advised to install these security updates as soon as possible to ensure they’re protected from these security risks in Windows.
Known as CVE-2019-1429, Microsoft claims the IE bug can allow remote code execution due to “the way that the scripting engine handles objects in memory in Internet Explorer.”
This bug is found in the scripting engine, so it affects more than just the IE browser. It is also used inside Office Suite apps to display web content inside embeddable iframes, meaning attackers can craft malicious Office documents and exploit malicious code on a user’s system if the user allows the display of rich content.
The three individuals who reported the bug have not yet released any details about the attacks and where this zero-day was discovered.
Government-based hacking groups usually discover most Windows zero-days, but they slowly make their way to financial crime-focused groups, then mundane spam operations, and later, automated exploit kits.
Although the IE zero-day is the most important bug to patch, this month’s Patch Tuesday includes more security updates, with fixes for 74 bugs across 9 Microsoft platforms.
Security vulnerabilities are the ‘low-hanging fruit’ for hackers. Patching is essential to keep your information safe. It is also good practice to back up your system or data before applying any updates.