Of these two, the first is a remote code execution (RCE) fault, registered as CVE-2019-1367. This zero-day vulnerability affects the 9, 10 and 11 versions of Internet Explorer (which are still widely used) and exploits how the "Microsoft scripting engine handles objects in IE memory".
According to Microsoft, hackers could exploit this vulnerability by attracting potential targets (using spam messages, malware, search engine ads, IM spam, etc.) to visit a site infected with Internet Explorer vulnerability.
The defect it could corrupt the system memory and allow attackers to execute arbitrary code within the legitimate user. Exploiting the defect enables an attacker to achieve the same user rights as the legitimate user.
Therefore, if a user logs on as a system administrator, a successful attack could allow hackers to gain full control of the affected systemic. Once it has administrator privileges, the attacker will be able to edit or delete data, install new programs, and create new accounts.
This RCE vulnerability is already done exploit, according to Microsoft.
The patch to resolve this vulnerability can only be installed manually after downloading the patch from the Microsoft Update Catalog.
The second vulnerability that has been fixed is the Denial of Service (DoS) error that affects the Windows Defender tool.
Has been registered as CVE-2019-1255 and found by Wenxu Wu and Charalampos Billinis of Tencent Security Xuanwu Lab and F-Secure Countercept, respectively.
Microsoft said an attacker could exploit this error to prevent legitimate users from running legitimate system binaries. However, they first need to execute the system in order to exploit the vulnerability.
So far, there are no reports as to whether their error has been exploited hackers