Kaspersky Threats

Detect date

?

08/13/2019

Severity

?

Critical

Description

Multiple vulnerabilities were found in Microsoft Browsers. Malicious users can exploit these vulnerabilities to bypass security restrictions, obtain sensitive information, execute arbitrary code.

Below is a complete list of vulnerabilities:

A security feature bypass vulnerability in Microsoft Browsers can be exploited remotely via specially crafted website to bypass security restrictions.
An information disclosure vulnerability in Microsoft Edge can be exploited remotely via specially crafted content to obtain sensitive information.
A memory corruption vulnerability in Chakra Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code.
A memory corruption vulnerability in Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code.
A memory corruption vulnerability in Microsoft Browser can be exploited remotely via specially crafted website to execute arbitrary code.

Exploitation

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Affected products

Internet Explorer 10
Internet Explorer 11
Microsoft Edge

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2019-1192
CVE-2019-1030
CVE-2019-1131
CVE-2019-1196
CVE-2019-1197
CVE-2019-1194
CVE-2019-1193
CVE-2019-1133
CVE-2019-1195
CVE-2019-1140
CVE-2019-1139
CVE-2019-1141

Impacts

?

ACE

[?]

OSI

[?]

SB

[?]

Detect date ?	08/13/2019
Severity ?	Critical
Description	Multiple vulnerabilities were found in Microsoft Browsers. Malicious users can exploit these vulnerabilities to bypass security restrictions, obtain sensitive information, execute arbitrary code. Below is a complete list of vulnerabilities: A security feature bypass vulnerability in Microsoft Browsers can be exploited remotely via specially crafted website to bypass security restrictions. An information disclosure vulnerability in Microsoft Edge can be exploited remotely via specially crafted content to obtain sensitive information. A memory corruption vulnerability in Chakra Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code. A memory corruption vulnerability in Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code. A memory corruption vulnerability in Microsoft Browser can be exploited remotely via specially crafted website to execute arbitrary code.
Exploitation	Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.
Affected products	Internet Explorer 10 Internet Explorer 11 Microsoft Edge
Solution	Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories	CVE-2019-1192 CVE-2019-1030 CVE-2019-1131 CVE-2019-1196 CVE-2019-1197 CVE-2019-1194 CVE-2019-1193 CVE-2019-1133 CVE-2019-1195 CVE-2019-1140 CVE-2019-1139 CVE-2019-1141
Impacts ?	ACE [?] OSI [?] SB [?]
Related products	Microsoft Internet Explorer Microsoft Edge
CVE-IDS ?	CVE-2019-11920.0Unknown CVE-2019-10300.0Unknown CVE-2019-11310.0Unknown CVE-2019-11960.0Unknown CVE-2019-11970.0Unknown CVE-2019-11940.0Unknown CVE-2019-11930.0Unknown CVE-2019-11330.0Unknown CVE-2019-11950.0Unknown CVE-2019-11400.0Unknown CVE-2019-11390.0Unknown CVE-2019-11410.0Unknown
KB list	4512516 4511553 4512501 4512497 4512517 4512518 4512506 4512488 4512508 4512507 4511872 4520010 4520008 4520007 4519998 4520005 4517389 4519338 4520011 4520004 4519976 4519974
Microsoft official advisories	Microsoft Security Update Guide