New zero day found in Microsoft Internet Explorer
CVE-2019-0674
Sources
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200001 (1)
Risks
Successful attacks using this vulnerability could allow an attacker to execute his own shellcode remotely with Internet Explorer privileges.
Description
An attacker can make use of a zero-day vulnerability in Internet Explorer 9 through 11 to run arbitrary commands with full user rights. If the logged in user is an administrator, this could lead to a full system compromise.
There is currently no patch available for this vulnerability, and the vulnerability is actively being exploited in the wild. There are known mitigations, however.
Recommended Actions
CERT.be recommends to perform the mitigation techniques proposed by Microsoft(1), or to use a different browser until a patch is available.