CVE-2019-1367 is a new zero-day remote code execution vulnerability, for which an emergency patch has just been issued.
The bug could allow attackers to carry out remote attacks with the purpose of gaining access over a system. The vulnerability is a scripting engine memory corruption issue, which was discovered by Clément Lecigne of Google's Threat Analysis Group.
CVE-2019-1367: Technical details
Here is the official description of CVE-2019-1367:
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.
It should be noted that in case the user is logged in with admin rights, the attacker could take control of the entire system. This event could lead to various outcomes, including the installation of programs, and the alteration or deletion of data.
An attack based on the CVE-2019-1367 exploit could be launched via email (malspam) or by tricking the user into visiting a maliciously crafted website. It should be mentioned that the targeted browser is Internet Explorer, which continues to be used by a large userbase. Moreover, spam and malware campaigns take place daily, so the emergency patch for CVE-2019-1367 should be applied immediately.
This is not the only issue that Microsoft is addressing. The second vulnerability is assigned the CVE-2019-1255 number and is located in Microsoft Defender. Fortunately, the bug is not as serious as the other one. Attackers could leverage the issue to prevent legitimate accounts from executing legitimate system binaries, Microsoft explained.
Even though CVE-2019-1255 is not critical, a patch should be applied. The issue is fixed in v1.1.16400.2 of the Microsoft Malware Protection Engine, which is a component of the Microsoft Defender antivirus. The vulnerability was discovered by Charalampos Billinis of F-Secure Countercept and Wenxu Wu of Tencent Security Xuanwu Lab.
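To confirm that a host already runs the fixed engine, the version can be compared against v1.1.16400.2 as in the following added example, which is not part of the original article or of any Microsoft guidance. The function name Test-DefenderEngineFixed and the sample version strings are constructed for illustration; Get-MpComputerStatus and its AMEngineVersion property are the standard Defender cmdlet and field.

```powershell
# Fixed Microsoft Malware Protection Engine version, as stated in the article.
$FixedEngine = [version]'1.1.16400.2'

# Hypothetical helper (not a Microsoft cmdlet): reports whether an engine
# version is at or above the fixed release for CVE-2019-1255.
function Test-DefenderEngineFixed {
    param(
        # Engine version to evaluate; when omitted, the local host is queried.
        [string]$EngineVersion
    )

    if (-not $EngineVersion) {
        if (-not (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue)) {
            throw 'Defender cmdlets are not available on this host.'
        }
        $EngineVersion = (Get-MpComputerStatus).AMEngineVersion
    }

    # Parse as [version] so each component compares numerically. A plain
    # string comparison would rank '1.1.9000.5' above '1.1.16400.2'.
    $parsed = $null
    if (-not [version]::TryParse($EngineVersion, [ref]$parsed)) {
        throw "Unparseable engine version: '$EngineVersion'"
    }

    [pscustomobject]@{
        EngineVersion = $parsed
        FixedIn       = $FixedEngine
        Patched       = ($parsed -ge $FixedEngine)
    }
}

# Constructed sample versions, e.g. values exported from an inventory tool.
'1.1.9000.5', '1.1.16300.1', '1.1.16400.2', '1.1.16500.1' |
    ForEach-Object { Test-DefenderEngineFixed -EngineVersion $_ }

# Check the local machine (requires the Defender PowerShell module):
# Test-DefenderEngineFixed
```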