Announced 17 October 2019
A security issue affects IGEL Windows products in the following versions:
- IGEL Windows 10 IoT
A denial of service vulnerability exists when Microsoft Defender improperly handles files. An attacker could exploit the vulnerability to overwrite the discretionary access control list (DACL) for a file. To exploit the vulnerability, an attacker would first require execution on the victim system.
- IGEL Windows 10 IoT: Update to IGEL Windows 10 IoT 4.04.120 or newer.
Microsoft Security Response Center - CVE-2019-1255 | Microsoft Defender Denial of Service Vulnerability: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1255