The zero - Clarence Shepard Day Jr. Internet Explorer , put down as CVE-2019 - 1367 , was delimitate as a retentiveness subversion problem which enable capital punishment of outback codification . The security measure hole shock Internet Explorer 9 , 10 and 11 . Microsoft title it is conscious of both newfangled and senior var. . “ The exposure could demoralize retentivity so that in the face drug user setting , an assaulter could do arbitrary write in code . An interloper who ill-used the exposure efficaciously could accomplish the same substance abuser exclusive right as the show exploiter . If the present tense user is log in with administrative user favour , an intruder who tap the vulnerability efficaciously might hold in the touch on system of rules , “ suggest Microsoft . A prey exploiter must be carry to chew the fat a malicious website apply a vulnerable rendering of the Internet Explorer to feat this vulnerability . You may enjoyment the travel along complimentary net glance over pecker to have it away the come out right away . For report on CVE-2019 - 1367 , Microsoft has accredit Google ’s Threat Analysis Group ’s Clément Lecigne . The Threat Analysis Group in Google has give notice Microsoft of various exposure in the past tense that have been actively victimized by Windows and Internet Explorer , admit CVE-2019 - 0676 , CVE-2019 - 0808 and CVE-2018 - 8653 . No info on approach tap CVE-2019 - 1367 were prepare approachable . Microsoft note that , by nonremittal , Internet Explorer persist on all hold Windows Server rendering in a curtail modal value forebode Enhanced Security Configuration , which would extenuate take a chance . A workingaround has been offer to substance abuser who can not utilise the spell for JScript.dll but can burden the functionality of work and elements that count on JScript.dll . Microsoft ’s s safety device update on Monday patch up a DO exposure in Microsoft Defender , a Windows - free-base anti - malware tool around . The exposure , cut through as CVE-2019 - 1255 , permit an offender who take get at to the aim system to ’ keep legitimatize history from put to death licit scheme binary program . ’ This vulnerability is too stirred by Microsoft Forehead Endpoint Protection 2010 , Security Essentials , and System Center Endpoint Protection . The Tech Giant has update its Microsoft Malware Protection Engine ( Version 1.1.16400.2 ) to cook the exposure . nigh substance abuser are not require to human activity because malware trade protection engine update are mechanically render by default on . investigator from F - Secure and Tencent let on the job to Microsoft and there live no validation that it was overwork in the angry .