September Patch Tuesday: Never Out Of The Woods

September Patch Tuesday: Never Out Of The Woods

September Patch Tuesday: Never Out Of The Woods

It hasn’t been the greatest month for Microsoft security. On Tue 10th they released their normal monthly security updates (read our analysis here) but less than 2 weeks later they have released another, this time an unexpected update to address a zero day exploit. This time the headline patch is in response to an Internet Explorer vulnerability which has already been exploited in the wild, hence the zero day status.

The weakness relates to multiple versions of Internet explorer across multiple operating systems (more details can be found on Microsoft’s website here).

Assigned CVE-2019-1367

This is yet another remote code execution flaw that allows an attacker remote access to the system with the same privileges as the logged in user. According to Microsoft, “if the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”Another great example of why users should never have administrative privileges on day to day accounts!

Hackers hope to exploit the vulnerability via malicious websites and may try and trick users via phishing email links or attachments, social engineering or fake websites. Although Internet Explorer popularity continues to decline, the browser is still a commonly installed and used, so the browser and many systems may be exposed to this risk.

As with all zero day exploits, Options recommend that users (both business or personal) patch the vulnerability as soon as possible, we certainly are!

– Ruairi Corrigan, Vulnerability Management

As always, Options is actively patching any and all vulnerabilities highlighted above – it is imperative that operating systems and 3rd party software products are kept up to date. Security doesn’t end with vulnerability patching; well-trained employees and a strong supporting security team are also essential. In 2019 we’ve substantially expanded our team and extended our global operational presence, rolling out rigorous training programs across the board alongside numerous platform security enhancements and the deployment of new cybersecurity initiatives to safeguard our clients’ data. For the latest on our Security, Intelligence and Analytics product offering, download our product sheet here.

Leave a Reply

Your email address will not be published. Required fields are marked *