Microsoft Issues Windows Security Update for 0Day Vulnerability

silversurfer

Microsoft released two out of band security updates today for remote code execution (RCE) and denial of service (DoS) security vulnerabilities impacting Internet Explorer and Windows Defender, respectively.

The first one is a zero-day RCE vulnerability tracked as CVE-2019-1367 and disclosed by Clément Lecigne of Google’s Threat Analysis Group.
The CVE-2019-1367 scripting engine memory corruption vulnerability is known to have been exploited in the wild and it "exists in the way that the scripting engine handles objects in memory in Internet Explorer."
Out of band security vulnerability fixes CVE-2019-1367 and CVE-2019-1255 have been released today. For more information please see https://t.co/QMUM53m8so and https://t.co/vy3d0wXWng .
— Security Response (@msftsecresponse) September 23, 2019
 

plat

So is Microsoft slipping this update in with the definitions, like a mickey or what? Anyone who wants to check the engine version, open Defender app, click three bars at top, click settings cog at bottom, then click "about." *** I still have the old version. IE11 was fortuitously shut off a few days ago via Control Panel. Haven't gotten either yet, it says within 48 hours.



***ridiculous
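
The same engine-version check can be done from PowerShell instead of the Defender app. This is an added example, not part of the original post; the function name `Test-DefenderEngineVersion` is hypothetical, and the minimum version must be taken from Microsoft's advisory because the thread does not state it.

```powershell
# Added example (not from the thread): read the Microsoft Malware Protection
# Engine version with the built-in Defender cmdlet and compare it against a
# required minimum supplied by the caller.
function Test-DefenderEngineVersion {
    param(
        # Patched engine version from the vendor advisory. No default is
        # provided because the thread does not give the number.
        [Parameter(Mandatory = $true)]
        [version]$MinimumEngineVersion
    )

    try {
        # Fails if the Defender module or service is unavailable, for
        # example when a third-party AV has replaced it.
        $status = Get-MpComputerStatus -ErrorAction Stop
    }
    catch {
        Write-Warning "Could not query Defender status: $($_.Exception.Message)"
        return $null
    }

    # AMEngineVersion is a dotted string; cast it so the comparison is
    # numeric per component rather than a plain string comparison.
    $engine = [version]$status.AMEngineVersion

    [pscustomobject]@{
        ComputerName         = $env:COMPUTERNAME
        EngineVersion        = $engine
        MinimumRequired      = $MinimumEngineVersion
        Patched              = ($engine -ge $MinimumEngineVersion)
        SignatureVersion     = $status.AntivirusSignatureVersion
        SignatureLastUpdated = $status.AntivirusSignatureLastUpdated
        AntivirusEnabled     = $status.AntivirusEnabled
    }
}

# Usage (replace the placeholder with the version from the advisory):
# Test-DefenderEngineVersion -MinimumEngineVersion '<patched-engine-version>'
```

Running it before and after the 48-hour auto-update window shows whether the engine changed, since the update arrives with the definitions rather than through Windows Update.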
 

oldschool


So is Microsoft slipping this update in with the definitions, like a mickey or what? Anyone who wants to check the engine version, open Defender app, click three bars at top, click settings cog at bottom, then click "about." *** I still have the old version. IE11 was fortuitously shut off a few days ago via Control Panel. Haven't gotten either yet, it says within 48 hours.


***ridiculous

You're still on 1809?
 

plat

Thanks, upnorth! Even though you can update manually, I don't like the recent trend of issuing patches via definition updates (like with the broken Defender scan very recently). You can't monitor anything this way, unlike with Windows system ones, you know when it's coming and there's a changelog. Plus getting the Defender's versions is very convoluted and obscure. The article didn't say how this update would be delivered.

I'm on 1903 and everything is current, I checked.


forum member Oldschool said in post #5: …..I think his concern is with the antimalware engine.....

Uh, it's her concern, and there is actually no concern. Thanks.
 

oldschool

Uh, it's her concern, and there is actually no concern.

Oops, sorry. :notworthy:

I read the article to mean the update will come with tomorrow's cumulative update:

...Users don't need to take any actions to protect against CVE-2019-1255 exploitation since the Microsoft Malware Protection Engine comes with an auto-update feature that will automatically install the newly patched version within 48 hours of its availability.
 

upnorth

@plat1098, I can also agree with more or less everything you said about MS recent trend how they ship updates etc. It could be much better but, I also get the feeling they themselves understand it's not perfect and actually try to improve it. The share from @bribon77 is probably a sign of that.
Another share that explains a lot how MS nowadays work with their OS, is the post from @oldschool that I highly recommend. For me personally that information is already well known, but the guy in the video explains it very well.
 

plat

Well, this is very reasonable and fair, upnorth. While I completely understand the necessity and efficiency of security patches delivered via def. updates, that doesn't mean I have to "love" it. :emoji_neutral_face: This goes back to this big thing: What are the upper limits for which Microsoft can take liberties with YOUR machine? But OK, enough already. The engine on here was updated in this sneaky manner within the past 12 hours. So, it seems, here is the current, patched version. :)

 

ForgottenSeer 58943

I love how Windows Defender has become one of the most troubling attack vectors. The irony.

A quick search on this forum will indicate I've been warning of that very thing and encouraging people to not run WD. There are other things going on, and it will not get better in the end with WD. So those bandwagoning it, might want to reconsider their pied piper roles.
 

ForgottenSeer 72227

Unfortunately Windows Defender isn't the only one. Just keep track of Google Project Zero reports of Norton, Kaspersky, Trend Micro and so on. Vulns are to be found in them all.

Spot on.

This isn't a MS only issue. As you've said, if anyone is paying attention, they would see that Tavis Ormandy of Project Zero, has virtually ripped apart every single 3rd party security program, both with big and small vulnerabilities. To say that people shouldn't use WD because of this, is just ignoring the fact that every single AV in existence has had similar, if not worse issues.


A quick search on this forum will indicate I've been warning of that very thing and encouraging people to not run WD. There are other things going on, and it will not get better in the end with WD. So those bandwagoning it, might want to reconsider their pied piper roles.

No offence, but I'll keep using WD and I won't be stressing about this. As @zhuzhangspankspank and myself said, this isn't a MS only issue. Every AV has had similar, if not worse issues, stating otherwise is just being ignorant of the facts. This isn't some WD apology, it's a vulnerability that definitely needed to be patched, but people shouldn't be worrying and being told to switch because of it. I will still recommend WD and I urge people who are using it and like it, to continue to do so.

At the end of the day, people just need to use what works best for them. No one is forcing anyone to use WD, or any other program for that matter. One's habits will dictate if and how often they will get infected more than which security program one uses. In saying that, WD has come a long ways, it is far better than before and continues to improve. Those constantly looking for examples to rip apart WD just need to get their heads out of the sand. Many act as if MS came and took their first born or something. Chances are home users won't be subject to such an attack anyways. Doesn't mean it can't happen, but I would wager that unless you're a government, large business/enterprise, bank, etc., you won't run into this.

Use what you like and practice safe habits. If you don't like WD that's totally cool, but those who do like it and use it, shouldn't be told not to use it because of this, or quite simply because the person telling them not to use it doesn't like it. :emoji_v:
 