Microsoft reports Zero-Day Internet Explorer vulnerability exploited in the wild

A Microsoft security advisory published last Friday warns users of a zero-day vulnerability affecting Internet Explorer 9, 10 and 11 when running on Windows 7 (recently discontinued), 8.1, 10, Server 2008, Server 2012, Server 2016, and Server 2019. 

The vulnerability, indexed as CVE-2020-0674, “could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user,” reads the advisory. The bug, which poses a moderate risk, was identified in the way the scripting engine handles objects in memory of Internet Explorer and triggers through JScript.dll library.

Moreover, attackers “who successfully exploited the vulnerability could gain the same user rights as the current user and gain control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

Microsoft also warns that, “In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website, for example, by sending an email.”

To prevent attacks on vulnerable systems, Microsoft provides users a workaround until a patch is available, emphasizing that “reduced functionality for components or features that rely on jscript.dll” is possible. The company also mentions that the mitigations steps provided should only be applied “if there is indication that you are under elevated risk”.

Users can restrict access to Jscript.dll by following the steps below:

For 32-bit systems, enter the following command at an administrative command prompt:

takeown /f %windir%\system32\jscript.dll
cacls %windir%\system32\jscript.dll /E /P everyone:N

For 64-bit systems, enter the following command at an administrative command prompt:

takeown /f %windir%\syswow64\jscript.dll
cacls %windir%\syswow64\jscript.dll /E /P everyone:N
takeown /f %windir%\system32\jscript.dll
cacls %windir%\system32\jscript.dll /E /P everyone:N

How to undo the workaround

For 32-bit systems, enter the following command at an administrative command prompt:

cacls %windir%\system32\jscript.dll /E /R everyone   

For 64-bit systems, enter the following command at an administrative command prompt:

cacls %windir%\system32\jscript.dll /E /R everyone
cacls %windir%\system32\jscript.dll /E /R everyone
cacls %windir%\syswow64\jscript.dll /E /R everyone

As of December 2019, almost 2% of Internet browsing was done using IE, despite Microsoft warning about the security risks it poses. Aware of the targeted attacks in the wild, Microsoft is now working on a fix that should be available in the Patch Tuesday scheduled for February 11th.


*** This is a Security Bloggers Network syndicated blog from HOTforSecurity authored by Alina Bizga. Read the original post at: https://hotforsecurity.bitdefender.com/blog/microsoft-reports-zero-day-internet-explorer-vulnerability-exploited-in-the-wild-22103.html