Internet explorer used by many users. In recent security update of Internet Explorer an critical flaw was being exploited. According to Redmond, vulnerability of memory corruption listed as CVE 2019-1367. This exploit can be executed by malicious webpage or email which shows that Windows can be hacked just by viewing malicious webpage.
While using Internet Explorer malware, spyware & other malware family can be injected. Currently the flaw is presented in Internet Explorer 9 & 11. Microsoft typically patches vulnerabilities each month. According to Redmond such bugs are considered critical security risks.
As per ethical hacking reseacher of international institute of cyber security Microsoft has to break its normal patch cycle to release security patch of above listed security flaw rather than waiting until October 8 whereas next patch is due to arrive on Tuesday. According to Shaun Nicholis from San Fransico Still many users prefer Google Chrome instead of Internet Explorer which accounts 8.3 percent among desktop world. Microsoft is pushing Windows users to use their new Edge Browser with updated security policies. Even if you don’t use IE still users should considering update through Windows updates.
While updating to latest security patches consider to update Windows Defender. In CVE 2019-1255 shows the file-handling error in Defender that will show false positive when scanning an application. An attacker who already exploited with this flaw & has access to system could abuse feature to block some applications. Microsoft said – This exploit can prevent legitimate accounts from executing system binaries. According to Charalampos Billinis of F-Secure Countercept & wenxu Wu of Tencent Security uanwu Lab this flaw should be handled at lower-priority than the IE bug. Because it only prevent access. In most scenarios Microsoft will automatically pushed the Malware Protection engine update.
Cyber Security Researcher. Information security specialist, currently working as risk infrastructure specialist & investigator.
He is a cyber-security researcher with over 25 years of experience. He has served with the Intelligence Agency as a Senior Intelligence Officer. He has also worked with Google and Citrix in development of cyber security solutions. He has aided the government and many federal agencies in thwarting many cyber crimes. He has been writing for us in his free time since last 5 years.