Update now! Microsoft and Adobe’s February 2019 Patch Tuesday is here – Naked Security

[ad_1]

Internet Explorer (IE) may have launched way back in 1995 but nearly a quarter of a century later it’s still creating work for Microsoft and Windows users.

Take February’s Patch Tuesday, a highlight of which is a bona fide IE 10 and 11 zero-day said by Microsoft to be under active exploit by cybercriminals.

Identified as CVE-2019-0676 and marked ‘important’, all patchers have to go on for now is Microsoft’s brief description of what an exploit might look like:

An attacker who successfully exploited this vulnerability could test for the presence of files on disk. For an attack to be successful, an attacker must persuade a user to open a malicious website.

That’s not just for IE holdouts either – IE11 is present within all consumer Windows 10 versions for compatibility reasons so all users in this category get it.

Rounding out the legacy IE patching is the critical flaw identified as CVE-2019-0606, a Remote Code Exploit (RCE) vulnerability exploitable by luring a user to a malicious website.

Among its haul of 77 CVE-level security fixes, 20 marked critical, February has four other important-rated flaws that have been publicly disclosed: CVE-2019-0636, CVE-2019-0646, CVE-2019-0647, and the most interesting of all, CVE-2019-0686.

Covered last week by Naked Security, this is the recently-revealed Exchange elevation of privilege flaw dubbed PrivExchange which an attacker could use as part of a chain to elevate an ordinary mailbox account into that of Domain Admin.