New Internet Explorer zero-day exploited in the wild
Jan. 20, 2020
Patch not out until next month.
A new bug affecting Microsoft's Internet Explorer web browser is being exploited in the wild, allowing attackers to take control of systems with the logged-in user's privileges.
The vulnerability affects Internet Explorer 9, 10 and 11 on Windows 7, 8.1, RT 8.1, 10, Server 2008, 2008 R2, Server 2012, Server 2016, and Server 2019.
A specially crafted webpage or HTML document rendered in Internet Explore can trigger the attack, which the United States Computer Emergency Response Team warned about over the weekend.
The limited attacks were targeted, Microsoft said without providing further information.
As has been the case on numerous occasions in the past, the vulnerability is a memory corruption flaw caused by Windows scripting engine that Internet Explorer uses.
Microsoft suggested as a workaround that users restrict address to the JScript.dll file that provides the scripting engine functionality.
On 32-bit Windows, the below commands can be issued in administrative command prompt to restrict access to JScript.dll:
takeown /f %windir%\system32\jscript.dll
cacls %windir%\system32\jscript.dll /E /P everyone:N
The equivalent on 64-bit systems is:
takeown /f %windir%\syswow64\jscript.dll
cacls %windir%\syswow64\jscript.dll /E /P everyone:N
Applying the above commands could result in reduced functionality for components and features that rely on JScript.dll, Microsoft warned.
Once the patch is out, the cacls command can be used to remove the access restrictions with the /E /R everyone parameters.
Microsoft intends to release a patch for the vulnerability with its regular set of security fixes on the second Wednesday of next month.