Microsoft’s Patch Tuesday Fixes Zero-Day Exploits in IE and Exchange
- Microsoft released a security update for Windows that addresses a large number of security issues.
- Over 70 fixes were deployed by the company, 20 of which were critical vulnerability fixes.
- Some of the vulnerabilities were discovered by security researchers, including the team from Project Zero by Google.
A number of fixes were deployed for Internet Explorer and Exchange as part of Patch Tuesday by Microsoft. The Internet Explorer zero-day exploit was discovered very recently while the Exchange exploit was disclosed last month by a security researcher. Microsoft’s Patch Tuesday is held on the second or fourth Tuesday of each month, and security updates for the company’s products are released.
According to Microsoft, the Internet Explorer vulnerability could potentially allow attackers to test for specific files stored in systems. To do so, an attacker would need to lure a target to a malicious website. The vulnerability has been indexed under CVE-2019-0676, and it affects Internet Explorer 10 and 11 on Windows systems. The vulnerability was found by Project Zero, which is an initiative by Google to identify security loopholes and ethically report them.
Microsoft Exchange also received a major security fix. The vulnerability that was patched could allow attackers access to administrative control over servers. The vulnerability has been dubbed PrivExchange and has been filed under CVE-2019-0686. The vulnerability was first disclosed last month, and a proof-of-concept was also submitted by security researchers. Even though the exploit has been around for a month, Microsoft stated that it has seen it being used actively.
Microsoft’s Patch Tuesday this month saw a total of seventy vulnerabilities being patched including twenty critical vulnerabilities. Some of the affected software includes .NET, Visual Studio, Azure, Edge, Office and more. The company has released a complete overview detailing all the exploits and their CVSS scores to indicate their threat levels. Microsoft is not the only tech giant to have faced security exploits recently. Google’s Project Zero team also notified Apple about security exploits found in iOS, but the iPhone maker is yet to release an official statement about any bugfixes.
What do you think about the security exploits patched by Microsoft? Let us know in the comments below. Feel free to also share your thoughts with our online community on Facebook and Twitter.