24 September 2019
Microsoft has released two out-of-band security updates to address vulnerabilities discovered in Internet Explorer and Microsoft Defender.
- CVE-2019-1367 - This is a remote code execution vulnerability in Internet Explorer. It exists in the way that the scripting engine mishandles objects in memory, thereby allowing an attacker to execute arbitrary code in the context of the current user. It has a Common Vulnerability Score System (CVSS) v3.0 severity base score of 7.5 out of 10.
- CVE-2019-1255 - This is a denial of service vulnerability that exists when Microsoft Defender improperly handles files. An attacker could exploit the vulnerability to prevent the execution of legitimate system binaries. It has a CVSS v3.0 severity base score of 3.2.