Network Security, Patch/Configuration Management, Vulnerability Management

Microsoft revises and re-releases patch for exploited Internet Explorer bug

Microsoft Corp. yesterday re-released a security update for CVE-2019-1367, a critical remote execution bug in Internet Explorer that has been actively exploited. The new release expands upon the previous emergency out-of-band update, which took place Sept. 23.

According to reports, the company's earlier effort to distribute a patch was only available on a limited basis via its Microsoft Update Catalog, which must be manually downloaded. This time, the update available to the masses via Windows Update and Windows Server Update Services.

Additionally, the new version fixes several errors with the original update, including an issue with the print spooler services that could result in failed print jobs, and another issue that could cause an error after installing Features on Demand.

Discovered by Clément Lecigne of Google’s Threat Analysis Group and designated CVE-2019-1367, the IE bug is a memory corruption vulnerability that can be exploited for remote code execution in the context of the current user. If the current user has admin rights, then the attacker would have the power to install malicious programs, view and manipulate data and create new accounts.

Such an attack could be executed by sending potential victims emails that trick them into visiting a specially crafted website, viewed with IE.

Bradley Barth

As director of community content at CyberRisk Alliance, Bradley Barth develops content for SC Media online conferences and events, as well as video/multimedia projects. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.