Internet Explorer Suffering From ‘Actively Exploited’ Zero-Day Vulnerability But Microsoft Hasn’t Released Patch Yet – Here’s A Simple But Temporary Workaround

A security flaw within the aging but still actively used Internet Explorer, the ‘default’ web browser for Microsoft Windows operating system, is being actively exploited by attackers and malicious code writers. Although Microsoft is acutely aware of the Zero-Day Exploit in IE, the company has currently issued an emergency security advisory. Microsoft is yet to issue or deploy an emergency security patch update to address the security vulnerability in Internet Explorer.

A 0-Day Exploit within Internet Explorer is being reportedly exploited by attackers ‘in the wild’. Simply put, a newly discovered flaw in IE is being actively used to remotely execute malicious or arbitrary code. Microsoft has issued a security advisory warning millions of Windows OS users about the new zero-day vulnerability in the Internet Explorer web browser but is yet to release a patch to plug the concerning security loophole.

Security Vulnerability In Internet Explorer, Rated ‘Moderate’ Being Actively Exploited In The Wild:

The newly discovered and reportedly exploited security vulnerability in Internet Explorer is officially tagged as CVE-2020-0674. The 0-Day Exploit is rated ‘Moderate’. The security loophole is essentially a remote code execution issue that exists in the way the scripting engine handles objects in memory of Internet Explorer. The bug triggers through the JScript.dll library.

By successfully exploiting the bug, a remote attacker can execute arbitrary code on targeted computers. Attackers can take full control over the victims just by convincing them into opening a maliciously crafted web page on the vulnerable Microsoft browser. In other words, the attackers can deploy a phishing attack and trick Windows OS users using IE into clicking on weblinks that lead the victims into a tainted website which are laced with malware. Interestingly, the vulnerability cannot grant administrative privileges, unless the user itself is logged on as an Administrator, indicated the Microsoft Security Advisory:

“The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

Microsoft Aware Of IE Zero-Day Exploit Security Vulnerability And Working On A Fix:

It is concerning to note that nearly all versions and variants of Internet Explorer are vulnerable to the 0-Day Exploit. The affected web browsing platform includes Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11. Any of these versions of IE can be running on all versions of Windows 10, Windows 8.1, Windows 7.

Although Microsoft has terminated free support to Windows 7, the company is still supporting the aging and already obsolete IE web browser. Microsoft has reportedly indicated that it is aware of ‘limited targeted attacks’ in the wild and working on a fix. However, the patch isn’t ready yet. In other words, millions of Windows OS users who work on IE, continue to remain vulnerable.

Simple But Temporary Workarounds To Safeguard Against The Zero-Day Exploit In IE:

The simple and workable solution to protect against the new 0-Day Exploit in IE relies on preventing the loading of the JScript.dll library. In other words, IE users must prevent the library from loading into memory to manually block the exploitation of this vulnerability.

As the 0-Day Exploit in IE is being actively exploited, Windows OS users who work with IE must follow the instructions. To restrict access to JScript.dll, users must run following commands on your Windows system with administrator privileges, reported TheHackerNews.

For 32-bit systems:

takeown / f% windir% \ system32 \ jscript.dll

cacls% windir% \ system32 \ jscript.dll / E / P everyone: N

 

For 64-bit systems:

takeown / f% windir% \ syswow64 \ jscript.dll

cacls% windir% \ syswow64 \ jscript.dll / E / P everyone: N

takeown / f% windir% \ system32 \ jscript.dll

cacls% windir% \ system32 \ jscript.dll / E / P everyone: N

Microsoft has confirmed that it would deploy the patch soon. Users who run the abovementioned commands could experience a few websites behaving erratically or failing to load. When the patch is available, presumably through Windows Update, users can undo the changes by running the following commands:

For 32-bit systems:

cacls %windir%\system32\jscript.dll /E /R everyone

 

For 64-bit systems:

cacls %windir%\system32\jscript.dll /E /R everyone

cacls %windir%\syswow64\jscript.dll /E /R everyone


Tags
Close