Kaspersky Threats

Detect date

?

08/13/2019

Severity

?

Critical

Description

Multiple vulnerabilities were found in Microsoft Browsers. Malicious users can exploit these vulnerabilities to bypass security restrictions, obtain sensitive information, execute arbitrary code.

Below is a complete list of vulnerabilities:

A security feature bypass vulnerability in Microsoft Browsers can be exploited remotely via specially crafted website to bypass security restrictions.
An information disclosure vulnerability in Microsoft Edge can be exploited remotely via specially crafted content to obtain sensitive information.
A memory corruption vulnerability in Chakra Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code.
A memory corruption vulnerability in Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code.
A memory corruption vulnerability in Microsoft Browser can be exploited remotely via specially crafted website to execute arbitrary code.

Affected products

Internet Explorer 10
Internet Explorer 11
Microsoft Edge

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2019-1192
CVE-2019-1030
CVE-2019-1131
CVE-2019-1196
CVE-2019-1197
CVE-2019-1194
CVE-2019-1193
CVE-2019-1133
CVE-2019-1195
CVE-2019-1140
CVE-2019-1139
CVE-2019-1141

Impacts

?

ACE

[?]

OSI

[?]

SB

[?]

Detect date ?	08/13/2019
Severity ?	Critical
Description	Multiple vulnerabilities were found in Microsoft Browsers. Malicious users can exploit these vulnerabilities to bypass security restrictions, obtain sensitive information, execute arbitrary code. Below is a complete list of vulnerabilities: A security feature bypass vulnerability in Microsoft Browsers can be exploited remotely via specially crafted website to bypass security restrictions. An information disclosure vulnerability in Microsoft Edge can be exploited remotely via specially crafted content to obtain sensitive information. A memory corruption vulnerability in Chakra Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code. A memory corruption vulnerability in Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code. A memory corruption vulnerability in Microsoft Browser can be exploited remotely via specially crafted website to execute arbitrary code.
Affected products	Internet Explorer 10 Internet Explorer 11 Microsoft Edge
Solution	Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories	CVE-2019-1192 CVE-2019-1030 CVE-2019-1131 CVE-2019-1196 CVE-2019-1197 CVE-2019-1194 CVE-2019-1193 CVE-2019-1133 CVE-2019-1195 CVE-2019-1140 CVE-2019-1139 CVE-2019-1141
Impacts ?	ACE [?] OSI [?] SB [?]
Related products	Microsoft Internet Explorer Microsoft Edge
CVE-IDS ?	CVE-2019-11924.3Warning CVE-2019-10304.3Warning CVE-2019-11314.2Warning CVE-2019-11964.2Warning CVE-2019-11974.2Warning CVE-2019-11947.5Critical CVE-2019-11936.4High CVE-2019-11337.5Critical CVE-2019-11954.2Warning CVE-2019-11404.2Warning CVE-2019-11394.2Warning CVE-2019-11414.2Warning
KB list	4512516 4511553 4512501 4512497 4512517 4512518 4512506 4512488 4512508 4512507 4511872 4512476
Microsoft official advisories	Microsoft Security Update Guide