14 DAY TRIAL // Fixing the recently-acknowledged Internet Explorer zero-day in Windows could actually lead to other problems in the operating system, as some users discovered the hard way.
Microsoft confirmed that a zero-day issue affects Internet Explorer in all supported versions of Windows, explaining that a full fix is still on its way (and probably due on the February 11 Patch Tuesday).
In the meantime, however, the company provided impacted users with a workaround to secure their devices, essentially instructing them to restrict access to JScript.dll.
This mitigation, however, breaks down Windows printing, and undoing the workaround is pretty much the only way to restore this feature of the operating system. Users who turned to reddit to discuss this bug reveal that all printers are affected, regardless of manufacturing brand.
Attacks already spotted in the wild
In the original advisory, however, Microsoft also warns that some Windows features could be affected if the mitigation is applied, so it recommended the workaround “on if there is indication that you are under elevated risk.”
“Implementing these steps might result in reduced functionality for components or features that rely on jscript.dll. For example, depending on the environment, this could include client configurations that leverage proxy automatic configuration scripts (PAC scripts). These features and others may be impacted,” Microsoft explained.
According to Microsoft’s security advisory, an attacker exploiting this Internet Explorer vulnerability can take control of the device by simply pointing users to a specially crafted website.
“The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website, for example, by sending an email,” Microsoft says.
The company says attacks aimed at this flaw are already happening in the wild.