Why ANY Web Browser Is Still Not Safe…

Menlo Security customers are 100% protected against a recent zero-day exploit in Internet Explorer. The exploit CVE-2019-1367 and CVE-2019-1255 is being actively used in limited attacks.

 

Chrome, Firefox, Apple IoS and now Internet Explorer….

If you are wondering what we are talking about and guessed browser zero days, then you are absolutely right. Microsoft issued an OOB patch for two critical vulnerabilities CVE-2019-1367 and CVE-2019-1255 on 09/23/2019. OOB patches are usually issued by Microsoft when there is an indication that a vulnerability is being actively exploited by bad actors in the wild.

CVE-2019-1367 is a flaw in the scripting engine responsible for parsing and executing Javascript in all Internet Explorer versions, resulting in unpatched Windows machines being exposed to this Zero-Day vulnerability. It looks eerily similar to the flaw exploited in CVE-2018-8653. The mitigation provided by Microsoft for both these vulnerabilities is the same:

For 32-bit systems, enter the following command at an administrative command prompt:
takeown /f %windir%system32jscript.dll
cacls %windir%system32jscript.dll /E /P everyone:N

For 64-bit systems, enter the following command at an administrative command prompt:
takeown /f %windir%syswow64jscript.dll
cacls %windir%syswow64jscript.dll /E /P everyone:N
takeown /f %windir%system32jscript.dll
cacls %windir%system32jscript.dll /E /P everyone:N

Both attacks are targeting jscript.dll, the script execution engine. jscript9.dll, the default Javascript engine starting with IE9, is immune to this flaw, but jscript.dll is still used by IE for some websites. We speculate that attackers were able to trigger the use of jscript.dll on a site they either control or infected. This is another reminder that browsers are a prime target and that bad actors are investing heavily in finding and exploiting browser vulnerabilities.

How does Menlo protect you?
Customers using Menlo Isolation Secure Web Gateway to isolate all websites are completely protected from CVE-2019-1367 and any zero-day browser attack.

Menlo’s unique architectural approach executes webpages on isolated browsers in its cloud and all active content (Javascript, Flash,) is fetched and executed there. Menlo then mirrors the rendered content to the end user’s machine using its patented technology, preventing attacks that exploit such vulnerabilities

Menlo customers can rest easy – no need to go scrambling to patch browsers, as Menlo Security’s isolation completely thwarts this attack.

Menlo labs is currently gathering more details and will update the blog as and when more details emerge.

 

Check out the recommended strategy for Secure Web Access from Gartner and Magic Quadrant for Secure Web Gateway to see why Menlo continues to be the answer to security concerns.


*** This is a Security Bloggers Network syndicated blog from Menlo Security Blog authored by Vinay Pidathala. Read the original post at: https://www.menlosecurity.com/blog/why-any-web-browser-is-still-not-safe