Microsoft reports Zero-Day Internet Explorer vulnerability exploited in the wild

A Microsoft security
advisory
published last Friday warns users of a zero-day vulnerability affecting
Internet Explorer 9, 10 and 11 when running on Windows 7 (recently
discontinued
), 8.1, 10, Server 2008, Server 2012, Server 2016, and Server
2019. 

The vulnerability, indexed as CVE-2020-0674, “could corrupt
memory in such a way that an attacker could execute arbitrary code in the
context of the current user,” reads the advisory. The bug, which poses a
moderate risk, was identified in the way the scripting engine handles objects
in memory of Internet Explorer and triggers through JScript.dll library.

Moreover, attackers “who successfully exploited the
vulnerability could gain the same user rights as the current user and gain control
of an affected system. An attacker could then install programs; view, change,
or delete data; or create new accounts with full user rights.”

Microsoft also warns that, “In a web-based attack scenario,
an attacker could host a specially crafted website that is designed to exploit
the vulnerability through Internet Explorer and then convince a user to view
the website, for example, by sending an email.”

To prevent attacks on vulnerable systems, Microsoft provides users a
workaround until a patch is available, emphasizing that “reduced functionality for components or features that rely on
jscript.dll” is possible. The
company also mentions that the mitigations steps provided should only be
applied “if there is indication that you are under elevated risk”.

Users can restrict
access to Jscript.dll by following the steps below:

For 32-bit systems,
enter the following command at an administrative command prompt:

takeown /f %windir%\system32\jscript.dll
cacls %windir%\system32\jscript.dll /E /P everyone:N

For 64-bit systems,
enter the following command at an administrative command prompt:

takeown /f %windir%\syswow64\jscript.dll
cacls %windir%\syswow64\jscript.dll /E /P everyone:N
takeown /f %windir%\system32\jscript.dll
cacls %windir%\system32\jscript.dll /E /P everyone:N

How to undo the workaround

For 32-bit systems, enter the following command at an administrative command prompt:

cacls %windir%\system32\jscript.dll /E /R everyone   

For 64-bit systems, enter the following command at an administrative command prompt:

cacls %windir%\system32\jscript.dll /E /R everyone
cacls %windir%\system32\jscript.dll /E /R everyone
cacls %windir%\syswow64\jscript.dll /E /R everyone

As of December 2019, almost 2% of Internet browsing was done
using IE, despite Microsoft warning about the security risks it poses. Aware of
the targeted attacks in the wild, Microsoft is now working on a fix that should
be available in the Patch Tuesday scheduled for February 11th.

Leave a Reply

Your email address will not be published.

Scroll to top