Panda Security Mediacenter

Internet Explorer and Microsoft Defender: vulnerable to RCE attacks

Last year, an average of 45 vulnerabilities were discovered every day. This is almost three times more than in 2016. Cyber incidents as well known as WannaCry, the Equifax data breach, and the cyberattack on the Winter Olympics were all facilitated by a vulnerability. Last month, a vulnerability in the WebAdmin plugin of OpenDreamBox 2.0.0.0 was discovered. This flaw has affected 32% of the world’s organizations, in other words, one in every three organizations.

The increase in exploited flaws seriously increases the possibility of suffering a remote code execution (RCE) attack. This year, Windows has suffered several serious vulnerabilities, which have affected millions of users all over the world, causing concern by increasing the risk that bad actors will use them in an attack. In May, a vulnerability called BlueKeep was discovered in Windows 7, XP, and other older systems, and affected as many as one million users. Three months later, four new vulnerabilities were uncovered. These were called DejaBlue, and affected up to 800 million users.

Internet Explorer, the latest vulnerable application

On September 23, Microsoft launched an urgent update for Internet Explorer. More specifically, it is a patch to fix a critical vulnerability that is actively being exploited by cybercriminals.

The vulnerability has been designated CVE-2019-1367. It is a remote code execution vulnerability, and exists in the way the scripting engine handles objects in memory in Internet Explorer. The bug could corrupt the memory and allow the attacker to gain administrator privileges, taking control of the system in order to install programs or alter data with full user privileges.

The vulnerability, which has been detected in at least versions 9 to 11 of Internet Explorer, can be abused by a booby-trapped website or email to remotely execute code. That means that the vulnerable computer can be taken over via a malicious site or email. With this access, it would be possible to inject malware, spyware, or other kinds of malicious software.

Remote code execution vulnerabilities of this kind are not rare at Microsoft, and the company usually launches between 10 and 20 patches every month to fix them on its Patch Tuesdays. However, the severity of this vulnerability, along with the fact that it has already been exploited in the wild, prompted Microsoft to launch this patch outside its regular update cycle.

Despite the fact that Explorer is no longer as ubiquitous as it once was (in fact, it is estimated to have just 8.3% market share), it is highly likely that users have it installed on their computer. As such, it is highly recommended that they install the patch.

Microsoft also took advantage of the launch of this patch to send out another one, this time for Microsoft Defender, the default Windows antivirus. This patch fixes a vulnerability designated CVE-2019-1255, which could facilitate DDoS attacks.

Vulnerabilities don’t have to bring your company to a halt

Anyone who still hasn’t updated their computers should do so as soon as possible. To protect your IT system, you can download the patch launched by Microsoft here. Patches have been launched for Windows 10 (all supported versions), Windows 8, Windows 7, and currently supported versions of Windows Server.

According to a report from the Ponemon Institute and ServiceNow, companies spend an average of over 321 hours a week managing the process of responding to vulnerabilities. To facilitate the task of updating your organization’s systems, it is essential to have a solution to manage updates. Panda Patch Management, Panda Security’s solution for managing vulnerabilities and their corresponding updates and patches, audits, monitors and prioritizes updates for operating systems and hundreds of third party applications.

When exploits and malicious programs are detected, it notifies you of pending patches. Installations are launched immediately, or scheduled from the console, isolating the computer if needed. This way, you’ll be able to manage the patches needed for your company, without having to invest more time or resources in it. And you’ll complete your protection system in order to shield your assets.
