Microsoft wants you to grab these emergency security patches for Windows
One deals with a zero-day flaw in Internet Explorer and the other relates to Microsoft's Defender security software.
Microsoft has made available two separate security patches that fall outside of its regularly scheduled monthly updates. These emergency patches fix a zero-day flaw in Internet Explorer and a critical issue in Windows Defender, the antivirus software built into Windows.
Starting with the former, the IE bug (and accompanying patch) is listed as CVE-2019-1367. It is a remote code execution flaw, and if left unpatched it could allow an attacker to run malicious code on a victim's machine.
"In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website, for example, by sending an email," Microsoft explains.
That's pretty much the definition of a phishing email, and it serves as a reminder to be cautious of clicking on links in emails—it's typically better to type out a URL in your browser to avoid being duped.
If this bug is exploited, an attacker could gain the same user rights on a victim's machine as the owner and essentially take full control of the PC. The attacker could then view and siphon personal data, delete files, install malware, and so forth. It affects multiple versions of Windows, including Windows 10, 8.1, 7, and various Server builds.
The other vulnerability (and patch) is detailed in CVE-2019-1255. It's listed as a denial-of-service (DoS) flaw in Windows Defender, and if exploited an attacker could "prevent legitimate accounts from executing legitimate binaries." The applications would stop working, in other words, leaving an affected PC unprotected. This one also affects Windows 10, 8.1, 7, and some Server versions.
It is somewhat rare for Microsoft to release out-of-band security patches, which are those that fall outside of its Patch Tuesday rollouts (bundled security updates that arrive on the second Tuesday of every month). However, Microsoft does do this on occasion, depending on the severity of the situation.
Paul has been playing PC games and raking his knuckles on computer hardware since the Commodore 64. He does not have any tattoos, but thinks it would be cool to get one that reads LOAD"*",8,1. In his off time, he rides motorcycles and wrestles alligators (only one of those is true).


