Pierluigi Paganini
January 18, 2020
Microsoft has published a security advisory (ADV200001) that includes mitigations for a zero-day remote code execution (RCE) vulnerability, tracked as CVE-2020-0674, affecting Internet Explorer.
Security Advisory – Microsoft Guidance on Scripting Engine Memory Corruption – for more information please visit: https://t.co/C3W9Y6saTu
— Security Response (@msftsecresponse) January 17, 2020
The tech giant confirmed that the CVE-2020-0674 zero-day vulnerability has been actively exploited in the wild.
“A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.” reads the advisory published by Microsoft. “An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
An attacker could exploit the flaw to can gain the same user permissions as the user logged into the compromised Windows device. If the user is logged on with administrative permissions, the attacker can exploit the flaw to take full control of the system.
The CVE-2020-0674 flaw could be triggered by tricking victims into visiting a website hosting a specially crafted content designed to exploit the issue through Internet Explorer.
Microsoft announced that it is currently working on a patch to address the vulnerability, the company will likely release an out-of-band update because attackers are already exploiting the flaw in the wild.
Microsoft suggests restricting access to JScript.dll using the following workaround to mitigate this zero-day flaw.
For 32-bit systems, enter the following command at an administrative command prompt:
takeown /f %windir%\system32\jscript.dll
cacls %windir%\system32\jscript.dll /E /P everyone:NFor 64-bit systems, enter the following command at an administrative command prompt:
takeown /f %windir%\syswow64\jscript.dll
cacls %windir%\syswow64\jscript.dll /E /P everyone:N
takeown /f %windir%\system32\jscript.dll
cacls %windir%\system32\jscript.dll /E /P everyone:NThe company warns that implementing these mitigation might impact the functionality for components or features that use the jscript.dll.
“Implementing these steps might result in reduced functionality for components or features that rely on jscript.dll. To be fully protected, Microsoft recommends the update be installed as soon as possible. Please revert the mitigation steps before installing the update to return to a full state.” continues the advisory.
To undo the workaround, use the following procedures.
For 32-bit systems, enter the following command at an administrative command prompt:
cacls %windir%\system32\jscript.dll /E /R everyone For 64-bit systems, enter the following command at an administrative command prompt:
cacls %windir%\system32\jscript.dll /E /R everyone
cacls %windir%\syswow64\jscript.dll /E /R everyone
| [adrotate banner=”9″] | [adrotate banner=”12″] |
(
[adrotate banner=”5″]
[adrotate
banner=”13″]
