CVE-2019-0990 : What You Need to Know
Learn about CVE-2019-0990, an information disclosure vulnerability in Microsoft Edge's scripting engine. Find out how to mitigate the risk and apply necessary patches.
A security vulnerability known as 'Scripting Engine Information Disclosure Vulnerability' in Microsoft Edge has been identified. This CVE is distinct from CVE-2019-1023.
Understanding CVE-2019-0990
What is CVE-2019-0990?
An information disclosure vulnerability in Microsoft Edge arises from the scripting engine's improper handling of objects in memory.
The Impact of CVE-2019-0990
This vulnerability could allow attackers to access sensitive information through the scripting engine in Microsoft Edge.
Technical Details of CVE-2019-0990
Vulnerability Description
The 'Scripting Engine Information Disclosure Vulnerability' in Microsoft Edge allows unauthorized disclosure of information due to memory object mismanagement.
Affected Systems and Versions
- Microsoft Edge on various Windows versions including Windows 10, Windows Server, and different architectures
- ChakraCore on ChakraCore
Exploitation Mechanism
The vulnerability can be exploited by malicious actors to retrieve sensitive data from affected systems.
Mitigation and Prevention
Immediate Steps to Take
- Apply the latest security updates from Microsoft
- Consider using alternative browsers until the patch is applied
Long-Term Security Practices
- Regularly update software and systems to prevent vulnerabilities
- Implement security best practices to protect against information disclosure
Patching and Updates
- Microsoft has released patches addressing this vulnerability