By 
A serious bug in a Microsoft scripting engine has been fixed as part of Microsoft’s Patch Tuesday security roundup.
On the other hand, Adobe has repaired as many as 11 vulnerabilities across its Animate, Illustrator, Media Encoder and Bridge products. The company says know about any attacks abusing these flaws and based on the priority ratings assigned to the vulnerabilities, they are not likely to be exploited for malevolent purposes.
In Microsoft, the flaw is found in Internet Explorer and lets an attacker perform rogue code if a victim is wheedled into visiting a malicious web page, or, if they are fooled into opening a specially crafted Office document.
Microsoft said: “An attacker who successfully exploits the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker…could take control of an affected system.”
Under an Office document attack situation, the software giant said a rival might insert an ActiveX control marked “safe for initialization” in an Office document. If reset, the malicious document could then be directed to a rogue website, booby-trapped with specially created content that could exploit the flaw.
Google has apprised Microsoft of numerous actively exploited Windows and Internet Explorer flaws in the past year, people generally do not know about the attacks. In numerous cases, though, these faults were possibly exploited in targeted attacks rather than mass exploitation campaigns.
In contrast, it has been highlighted that other threat groups could also begin abusing CVE-2019-1429 since the patch is now accessible to them.
Microsoft has fixed a slew of other major flaws this month that allow remote code execution.
