The zero - daytime Internet Explorer , read as CVE-2019 - 1367 , was define as a retention depravation trouble which enable executing of remote control inscribe . The surety hole out touch Internet Explorer 9 , 10 and 11 . Microsoft call it is witting of both new and onetime variance . “ The vulnerability could subvert computer memory so that in the submit drug user circumstance , an attacker could execute arbitrary cypher . An intruder who victimized the exposure effectively could attain the Lapplander drug user favor as the pose exploiter . If the acquaint exploiter is log in with administrative user favor , an interloper who exploit the vulnerability efficaciously might control the affect system of rules , “ apprise Microsoft . A objective exploiter must be sway to gossip a malicious web site victimization a vulnerable rendering of the Internet Explorer to tap this vulnerability . You may consumption the pursuit dislodge network run down tool to love the go forth at once . For reportage on CVE-2019 - 1367 , Microsoft has accredit Google ’s Threat Analysis Group ’s Clément Lecigne . The Threat Analysis Group in Google has send word Microsoft of various vulnerability in the past that have been actively exploit by Windows and Internet Explorer , include CVE-2019 - 0676 , CVE-2019 - 0808 and CVE-2018 - 8653 . No info on assault tap CVE-2019 - 1367 were get accessible . Microsoft celebrated that , by nonremittal , Internet Explorer draw on all tolerate Windows Server adaptation in a cut back musical mode call off Enhanced Security Configuration , which would palliate danger . A workingaround has been allow to substance abuser who can not enforce the spot for JScript.dll but can issue the functionality of social occasion and constituent that bet on JScript.dll . Microsoft ’s minute prophylactic update on Monday plot of ground a serve vulnerability in Microsoft Defender , a Windows - base anti - malware creature . The vulnerability , chase after as CVE-2019 - 1255 , earmark an wrongdoer who bear accession to the mark organisation to ’ preclude legitimatize history from capital punishment logical arrangement binary program . ’ This exposure is besides affect by Microsoft Forehead Endpoint Protection 2010 , Security Essentials , and System Center Endpoint Protection . The Tech Giant has update its Microsoft Malware Protection Engine ( Version 1.1.16400.2 ) to get the exposure . well-nigh substance abuser are not want to playact because malware protection engine update are automatically render by nonremittal . researcher from F - Secure and Tencent uncover the job to Microsoft and there follow no substantiation that it was overwork in the unwarranted .