Microsoft wants you to grab these emergency security patches for Windows
One deals with a zero-day flaw in Internet Explorer and the other relates to Microsoft's Defender security software.
Microsoft has made available two separate security patches that fall outside of its regularly scheduled monthly updates. These emergency patches fix a zero-day flaw in Internet Explorer and a critical issue in its Windows Defender antivirus software that is built into Windows.
Starting with the former, the IE bug (and accompanying patch) is listed as CVE-2019-1367. It is a remote code execution flaw, and if left unpatched it could allow an attacker to run malicious code on a victim's machine.
"In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website, for example, by sending an email," Microsoft explains.
That's pretty much the definition of a phishing email, and it serves as a reminder to be cautious of clicking on links in emails—it's typically better to type out a URL in your browser to avoid being duped.
If this bug is exploited, an attacker could gain the same user rights on a victim's machine as the owner and essentially take full control of the PC. The attacker could then view and siphon personal data, delete files, install malware, and so forth. It affects multiple versions of Windows, including Windows 10, 8.1, 7, and various Server builds.
The other vulnerability (and patch) is detailed in CVE-2019-1255. It's listed as a denial-of-service (DoS) flaw in Windows Defender, and if exploited an attacker could "prevent legitimate accounts from executing legitimate binaries." The applications would stop working, in other words, leaving an affected PC unprotected. This one also affects Windows 10, 8.1, 7, and some Server versions.
It is somewhat rare for Microsoft to release out-of-band security patches, which are those that fall outside of its Patch Tuesday rollouts (bundled security updates that arrive on the second Tuesday of every month). However, Microsoft does do this on occasion, depending on the severity of the situation.
The biggest gaming news, reviews and hardware deals
Keep up to date with the most important stories and the best deals, as picked by the PC Gamer team.
Paul has been playing PC games and raking his knuckles on computer hardware since the Commodore 64. He does not have any tattoos, but thinks it would be cool to get one that reads LOAD"*",8,1. In his off time, he rides motorcycles and wrestles alligators (only one of those is true).
The last thing I ever want to do is 'Learn more' or have you 'Remind Me Later': Microsoft is pushing fullscreen ads for Windows 11 laptops to people still using Windows 10
Despite an update 'mitigating' the problem, some Windows 11 users seemingly still can't change the date and time in settings—although there is a workaround