Microsoft Internet Explorer Remote Code Execution Vulnerability (CVE-2019-1367) Threat Alert
October 15, 2019
1 Vulnerability Description
On September 23, local time, Microsoft released cumulative security updates for the Internet Explorer (IE), fixing a remote code execution vulnerability (CVE-2019-1367) in IE. This vulnerability exists in the way the IE’s script engine handles objects in memory. By tricking a user into accessing a crafted website through IE, an attacker could exploit this vulnerability to execute arbitrary code to finally gain control access to the system. (more…)
Microsoft Excel Remote Code Execution Vulnerability (CVE-2019-1297) Threat Alert
October 4, 2019
Overview
Microsoft released security updates for September that address a remote code execution vulnerability (CVE-2019-1297) in Microsoft Excel.
This vulnerability exists in Microsoft Excel when it fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged in with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (more…)
Microsoft Remote Desktop Services Remote Code Execution Vulnerability (CVE-2019-0708) Threat Alert
May 23, 2019
Overview
On May 14, 2019, local time, Microsoft released security updates for May that address a critical remote code execution vulnerability (CVE-2019-0708) in Remote Desktop Services. The Remote Desktop Protocol (RDP) is not affected by this vulnerability. As the vulnerability may be exploited in worm-related attacks, users are advised to download appropriate patches and upgrade their systems as soon as possible. (more…)
