Internet Explorer flaw being exploited by hackers

Jan 18, 2020 06:12 GMT  ·  By

Microsoft has confirmed that a zero-day flaw in Internet Explorer is being exploited by malicious actors.

The vulnerability, impacts all Windows 10 versions, Windows 8.1, and the recently-discontinued Windows 7. Microsoft rated it as “moderate” on Windows Server devices and “critical” on client versions of Windows.

Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11 are all affected.

The remote code execution could allow cybercriminals to obtain the same rights as the logged-in user, which in the case of an administrator account means they could get full control of the compromised device.

An attacker can be carried out through a crafted website, Microsoft explains.

“A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user,” Microsoft says in an advisory.

Microsoft says it’s already working on a fix, but in the meantime, users are recommended to apply a manual workaround that would protect devices against exploits.

This workaround is critical given that “Microsoft is aware of limited attacks,” as pointed in the advisory.

Manual workaround

Microsoft says that users can manually block exploits by restricting access to JScript.dll. To do this on a 32-bit system, the following commands must be ran in an elevated command prompt:

code
takeown /f %windir%\system32\jscript.dll
cacls %windir%\system32\jscript.dll /E /P everyone:N
On a 64-bit device, these commands are required:
code
takeown /f %windir%\syswow64\jscript.dll
cacls %windir%\syswow64\jscript.dll /E /P everyone:N
takeown /f %windir%\system32\jscript.dll
cacls %windir%\system32\jscript.dll /E /P everyone:N
Once a patch is available, users can manually undo the workaround using these commands:
code
32-bit systems
cacls %windir%\system32\jscript.dll /E /R everyone
code
64-bit systems
cacls %windir%\system32\jscript.dll /E /R everyone
cacls %windir%\syswow64\jscript.dll /E /R everyone
The next Patch Tuesday takes place on February 11, but there’s a chance Microsoft publishes an out-of-band security fix in the coming days.