قالب وردپرس درنا توس
Home / Technology / Microsoft releases a security update for Internet Explorer

Microsoft releases a security update for Internet Explorer



Microsoft released an out-of-band security update for Internet Explorer for all supported versions of Windows on September 23, 2019.

The security update is available only at the time of writing and publishing on the Microsoft Update Catalog Web site, not through Windows Update or WSUS.

Some support articles contain very little information. The description of the Windows 10 update merely states "
Updates to Improve Security when Using Internet Explorer" without going into more detail. The page links to the security update guide that after some browsing to the CVE, exposes the vulnerability Provides more information and a direct link to the CVE.

It states:

This security update resolves a vulnerability in Internet Explorer. A remote code execution vulnerability exists in the way that the scripting engine processes objects in memory in Internet Explorer. The vulnerability could corrupt memory so that an attacker could execute arbitrary code in the context of the current user. The security update addresses the vulnerability by modifying the way that the script engine handles objects in memory.

The same information is also provided on the CVE page. Microsoft points out that in the event of a successful attack, an attacker could gain control of the compromised system, allowing the attacker to install or remove programs, view, modify, or delete files, or create new user accounts.

The security issue is being actively exploited to Microsoft; An attacker could create a specially crafted Web site to exploit the problem in Internet Explorer.

Microsoft has released a workaround to protect systems if the published updates can not be installed at this time. The workaround may reduce the functionality "for components or features based on jscript.dll".

The commands must be run from an elevated command prompt.

Workaround for 32-bit systems:

  • takeown / f% windir% system32 jscript.dll
  • cacls% windir% system32 jscript.dll / E / P all: N [Workaroundfor64-bitSystems:

    • takeown / f% windir% syswow64 jscript.dll
    • cacls% windir% syswow64 jscript.dll / E / P all: N
    • takeown / f% windir% system32 jscript.dll
    • cacls% windir% system32 jscript.dll / E / P everyone: N

    The workaround can be undone by issuing the following commands at an elevated command prompt

    Undoing 32-bit:

    • cacls% windir% system32 jscript.dll / E / R for all

    Undoing 64-bit files

    • cacls% windir % system32 jscript.dll / E / R for all
    • cacls% windir% syswow64 jscript.dll / E / R everyone

    List of updates that are used by the security manager Fixes: [1

    9659002] What about Windows Updates?

    Microsoft has not released the update through Windows Update or WSUS. Susan Bradley notes that the company could release the update on Windows Update and WSUS on September 24, 2019, but Microsoft did not confirm this. A problem that is exploited in nature but is supposed to be released as an update is manual downloaded and installed.

    Closing Words

    Should you install the update immediately or not? This security update is only available through the Microsoft Update Catalog Web site at the time of writing.

    I would still recommend the installation, but you should create a system backup, for example: Use Macrium Reflect or Paragon Backup & Recover Free before you do this because there are no unwanted side effects or problems today.

    Now You : Install or wait for position?

    SUMMARY

      Microsoft Releases a Security Update for Internet Explorer

    Article Name

    Microsoft Releases a Security Update for Internet Explorer

    Description

    Microsoft has an out-of Tape Security Update for Internet Explorer on September 23, 2019 for all supported versions of Windows.

    Author

    Martin Brinkmann

    Publisher

    Ghacks Technology News

    Logo

    Advertising


Source link