Microsoft has eliminated 0-day in Internet Explorer & Exchange Server

Microsoft has released a regular monthly set of patches, eliminating fairly serious security problems. First of all, we are talking about a 0-day vulnerability in Internet Explorer, which is actively exploited by hackers. Secondly, the updates eliminate the breach revealed last month in the Exchange Server, for the use of which the PoC code was also published.

According to the Microsoft team, the vulnerability of the proprietary Internet Explorer browser allows attackers to check for files stored on the disks of the attacked computer.

To exploit this vulnerability, cybercriminals first need to lure the victim to a malicious site. Microsoft has registered the presence of active exploits on the Web, which are designed specifically for this flaw.

The security issue in IE was identified with CVE-2019-0676, it affects versions 10 and 11 on all supported releases of the Windows system. Vulnerability discovered by experts of the project Google Project Zero.

Chris Jackson – chief software consultant at Microsoft, spoke about the risks of using the default Internet Explorer browser. According to Jackson, users should gradually refuse to access the network using this Internet browser.

Also, in February, a set of updates eliminates a vulnerability in Exchange Server, which allows an attacker, having an account with low privileges, to get server administrator privileges.

This problem received the identifier CVE-2019-0686, its details were disclosed last month. Then the code was proof-of-concept, which can be easily used to exploit this vulnerability.