Microsoft has released an urgent patch for two cybersecurity vulnerabilities present in IE and Microsoft Defender.
Typically, it’s to be expected for Microsoft updates to be released every second Tuesday each month, but due to their urgent nature, these have been released early.
The IE update is arguably the most crucial of the two, particularly because hackers like to exploit it so much.
In technical terms, this is a remote code execution manoeuvre.
In this particular case, an attacker could execute code from a remote location and do so with the same rights as the currently active user.
In an extreme situation, a hacker could take control over the system.
After that, installing malware, stealing files, and other sorts of cyber mischief is not out of the question either.
The attack is executed by tricking the victim into visiting an infected website via forums, email campaigns or malvertising.
On a positive note, since IE has less than 2% market share nowadays, few users will be affected.
As for the Microsoft Defender bug, Windows 8 users, and users of newer versions, should be concerned.
Microsoft reports that hackers could exploit the bug to prevent legitimate accounts from executing legitimate system binaries.
The good news is that in order to take advantage of the bug, an attacker would first have to obtain access to the victim’s system and execute custom code.
After that, they could disable Microsoft Defender’s components.