Microsoft warned about an Internet Explorer (IE) vulnerability and published a security advisory. There is still no patch for this issue.
Microsoft issued an emergency security advisory for a new zero-day vulnerability in Internet Explorer (IE) browser. The company’s security advisory numbered as ADV200001 only includes workarounds and mitigations. The vulnerability, tracked as CVE-2020-0674, is a remote code execution issue that exists in the way the scripting engine handles objects in memory of Internet Explorer. It triggers through JScript.dll library.
Table of Contents
Taking control of an affected system
According to the security advisory, if the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
“In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website, for example, by sending an email,” said in Microsoft’s security advisory.
Microsoft says it is working on a fix. It is estimated that these limited IE zero-day attacks can be part of a larger hacking campaign, which also involves attacks against Firefox users.
Mozilla warned about a critical security vulnerability earlier this month:
“The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system.”
Workarounds
By default, IE11, IE10, and IE9 use Jscript9.dll which is not impacted by this vulnerability. This vulnerability only affects certain websites that utilize JScript as the scripting engine.
Please note that mplementing these steps might result in reduced functionality for components or features that rely on jscript.dll.
Restrict access to JScript.dll
For 32-bit systems, enter the following command at an administrative command prompt:
takeown /f %windir%\system32\jscript.dll cacls %windir%\system32\jscript.dll /E /P everyone:N
For 64-bit systems, enter the following command at an administrative command prompt:
takeown /f %windir%\syswow64\jscript.dll cacls %windir%\syswow64\jscript.dll /E /P everyone:N takeown /f %windir%\system32\jscript.dll cacls %windir%\system32\jscript.dll /E /P everyone:N
How to undo the workaround
For 32-bit systems, enter the following command at an administrative command prompt:
cacls %windir%\system32\jscript.dll /E /R everyone
For 64-bit systems, enter the following command at an administrative command prompt:
cacls %windir%\system32\jscript.dll /E /R everyone cacls %windir%\syswow64\jscript.dll /E /R everyone
Source: 1