Microsoft’s Patch Tuesday has come and gone, but it did include a fix for an Internet Explorer (IE) Zero Day among the over 70 vulnerabilities.
The IE issue (CVE-2019-1429) could allow an attacker to execute remote code because of the way the scripting engine handles objects in memory.
In addition, the issue has an impact on more than the browser. IE’s scripting engine is in Office Suite apps to display web content inside embeddable iframes, which means attackers can put together malicious Office documents and execute code on a user’s system if the user allows the display of rich content.
The IE Zero Day was spotted in ongoing attacks.
Users should look at patching the issue before attacks become more commonplace.
While the Zero Day fix is most likely the most urgent issue to attend to, after all, November features fixes for 74 vulnerabilities.
Microsoft issued a special advisory for dealing with a vulnerability that exists in certain Trusted Platform Module (TPM) chipsets.
Tracked as CVE-2019-16863, details about this vulnerability are not yet available.
Click here for more details on Microsoft’s Patch Tuesday.