Microsoft Corporation today released its latest batch of security updates, fixing 59 vulnerabilities, nine of them critical.
Four of the critical flaws consisted of memory corruption bugs that can surface when the Chakra scripting engine handles certain objects in memory in the Microsoft Edge web browser (CVE-2019-1366, CVE-2019-1307, CVE-2019-1308 and CVE-2019-1335). These flaws can be exploited to trigger remote code execution, potentially allowing attackers to install programs, manipulate data or create privileged accounts.
"In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Microsoft Edge and then convince a user to view the website," Microsoft explains in its multiple advisories. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.
Please register to continue.
Already registered? Log in.
Once you register, you'll receive:
The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.
Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.
SC Media’s essential morning briefing for cybersecurity professionals.
One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.