(figure from: Microsoft,viaMSPU)
For this vulnerability,Microsoft 公司总部所在地：美国 主要业务：软件 Explanation:
A vulnerability exists between the script processing engine and the access mode of the IE memory object through which an attacker can launch a remote code execution attack.
An attacker can use arbitrary code in the context of the current user to destroy memory and gain the same system access rights as the current user.
After that, an attacker may install malicious programs on the victim system, view, tamper with, delete data, and even create new accounts with full user rights.
In Web-based attack scenarios,An attacker may have a special website specifically targeting Internet Explorer browser vulnerabilities.Then trick users into accessing (e.g. by phishing e-mail).
However, after the security update is deployed, the system modifies the way the script engine accesses the memory object to fix this vulnerability.
This opportunity also introduced another bug repair program, which is a printer problem caused by an earlier patch (fixing the same IE vulnerability).
It fixed the intermittent problem of the print background processor service, and the affected users may encounter printing job failure, or even cause some programs to report errors or close (such as RPC errors).
KB4524147The update log also says:
This security update includes mitigation measures for IE browser script engine security vulnerabilities (CVE-2019-1367) and corrects some recent printing problems encountered by users.
It solves the problem that the change may not be completed when installing the on-demand function (FOD) (such as .net 3.5. Please restart your computer and try again, error code 0x800f0950'.