Announced 17 October 2019

Score: High

A security issue affects IGEL Windows products in the following versions:

  • IGEL Windows 10 IoT

Details

A denial of service vulnerability exists when Microsoft Defender improperly handles files. An attacker could exploit the vulnerability to overwrite the discretionary access control list (DACL) for a file. To exploit the vulnerability, an attacker would first require execution on the victim system.

Update Instructions

  • IGEL Windows 10 IoT: Update to IGEL Windows 10 IoT 4.04.120 or newer.

References

Microsoft Security Response Center - CVE-2019-1255 | Microsoft Defender Denial of Service Vulnerability: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1255