Just a warning that a Microsoft released two emergency out-of-band security updates today (23-Sep-2019) for Internet Explorer and Windows Defender for zero-day vulnerabilities that are apparently being exploited in the wild.

The more serious of the two is for a remote code execution (RCE) vulnerability CVE-2019-1367 impacting Internet Explorer in Win 7, Win 8.x and Win 10 as well as various Win Server OSs, and emergency patches must currently be downloaded and installed manually .  Links are provided in the AskWoody.com thread More on the unexpected manual-install-only Win10 cumulative updates and IE patch and Susan Bradley first reported a warning on AskWoody.com in Patch Lady – we have an “out of band” release.

The second is for a denial of service (DoS) security vulnerability CVE-2019-1255 for Windows Defender.  Sergui Gatlan's BleepingComputer.com article Microsoft Issues Windows Security Update for 0Day Vulnerability notes that "The last version of Microsoft's Malware Protection Engine affected by this vulnerability is Version 1.1.16300.1 and the vulnerability was addressed in Version 1.1.16400.2. Users don't need to take any actions to protect against CVE-2019-1255 exploitation since the Microsoft Malware Protection Engine comes with an auto-update feature that will automatically install the newly patched version within 48 hours of its availability."

EDIT:

Sergui Gatlan's BleepingComputer article notes that the Internet Explorer vulnerability "CVE-2019-1367 can be exploited by potential attackers by redirecting their targets to a maliciously crafted website which would trigger a remote code execution attack if the victim uses a vulnerable version of Internet Explorer (i.e., 9, 10, and 11)" so I assume Win Vista SP2 / IE9 (and possibly Win XP SP3 / IE8) users who still use Internet Explorer as their default browser are also affected.
-----------
32-bit Vista Home Premium SP2 * Firefox ESR v52.9.0 * Norton Security Deluxe v22.15.2.22

Hugh, its in "Programs and Features", then click "Turn windows features on or off".

Right but that still leaves the program so I would consider it more safe to use "uninstall" on the START menu, assuming that does not just do the same Turn off .... Or crash the system.....

Not tonight .....

Hugh, its in "Programs and Features", then click "Turn windows features on or off".

Cheers

Since I never use Internet Explorer I imagine I might as well just Uninstall it as provided for in the START menu? It's under Windows Accessories in my Windows 10 Pro 1903.

More info from ghacks.net       https://www.ghacks.net/2019/09/24/microsoft-releases-emergency-internet-explorer-security-update/

I indeed enabled periodic scanning and manually checked for update to WD, I now have the following version installed. Windows 10 / 1903 build 18362.357

Cheers

Hi SoulAsylum:

Try the instructions in Lawrence Abrahms' BleepingComputer tutorial How to Find the Windows Defender Version Installed in Windows 10.

I have a Dell Inspiron 5584 Win 10 Pro Ver 1903 Build 18362.295 laptop and I'm still using the the McAfee LiveSafe security software that came pre-installed at the factory, so my Windows Defender antivirus is automatically disabled.  When I followed those instructions I originally saw...

... but after enabling Period Scanning (Settings | Windows Security | Virus & Threat Protection | Windows Defender Antivirus Options) and running a manual check for updates (Settings | Windows Security | Virus & Threat Protection | Virus & Threat Protection Updates) I now see:

EDIT:

I assume it's only critical to be updated to the patched Microsoft's Malware Protection Engine Version 1.1.16400.2 if you use the Win 8.x / Win 10 Windows Defender antivirus (or Win 7 SP1 with Microsoft Security Essentials) for your primary real-time antivirus protection.

Thanks lmacri. Looking for those updates as we speak.

Edited: I don't see them being offered via LU on Windows 10 Pro / 1903, got the standalone installer. Since I don't use WD how will that update be delivered? Confused since I exclusively use Norton.

Cheers