The mere utterance of the word “Bug” makes any computer user break out into a cold sweat, triggering a panic to check if they have the latest malware and antivirus freeware.
Then everything slowly returns to normal. Like a calm before the storm.
That is until Microsoft announced a new vulnerability on their Internet Explorer browser, a bug that can take over your entire PC.
Microsoft released an emergency unscheduled security update (CVE-2019-1367) on Monday, 23rd September 2019, to fix two critical security issues:
- IE zero-day vulnerability
- IE Microsoft defender bug
What is Zero-day Vulnerability?
“An attacker who successfully exploited the vulnerability could gain the same user rights as the current user,” Microsoft says. “If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
This means that if an attacker can convince you to click on an affected link via various methods such as spam email, IM spam, search engine ads, and advertising campaigns, you will soon be sitting in a pool of sweat because they can do whatever they want to your PC and your stored data.
What is the Microsoft Defender bug?
This bug is a denial of service (DoS) vulnerability in Microsoft Defender, formerly known as Windows Defender, shipped with Windows.
This bug allows a hacker to disable Microsoft Defender components from executing making it easier to run file-less attacks malicious code undetected.
The sum of all this?
It might be best for you to download and a safer browser like Chrome, Firefox or Opera, you can upload all your IE bookmarks to these browsers in seconds.
Market research is showing that Internet Explorer usage has gone down to 1.97% market share, theoretically minimizing unwanted attacks.
Microsoft provided patches with the following instructions: “The security advisory also contains links to the manual update packages which Windows users will need to download from the Microsoft Update Catalog and run on their systems by hand. The patch for the IE zero-day won’t be available via Windows Update”.