ISN-2019-12: Internet Explorer Vulnerability

Announced 08 October 2019

Score: High

A security issue affects IGEL Windows products in the following versions:

  • Universal Desktop W7+
  • IGEL Windows 10 IoT

Details

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Update instructions:

  • Universal Desktop W7+: Update to version 3.14.100 or newer.
  • IGEL Windows 10 IoT: Upgrade to IGEL Windows 10 IoT 4.04.120 or newer.

References

Microsoft Security Response Center - CVE-2019-1367 | Scripting Engine Memory Corruption

Vulnerability: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1367

Last update: December 10, 2019