Tue. Feb 18th, 2020

Microsoft confirms Internet Explorer vulnerability has been exploited but no security updates

2 min read

The latest security bulletin issued by Microsoft’s Security Response Center states that a zero-day vulnerability in Internet Explorer has been found in the wild and used by hackers.

This problem occurs when the browser scripting engine processes certain objects in memory, and the attacker can then execute arbitrary code remotely with high risk.

At this stage, although Microsoft is aware of the existence of this vulnerability, it is still developing a solution, so now all users cannot directly fix the vulnerability through updates.

According to Microsoft’s description, this vulnerability is mainly located in the script engine component of the browser, which may cause errors such as memory corruption when executing certain specific content.

An attacker can remotely trigger this vulnerability and damage the memory to obtain the same permissions as the current user. If the user is an administrator, an attacker can obtain administrative permission.

With administrator-level permissions, an attacker can make arbitrary modifications, view or delete user data, or even take complete control of a user’s computer.

At the level of a network attack, hackers can mainly create phishing websites or emails to exploit this flaw. When using the IE browser to load this specially crafted website, the vulnerability will be triggered. Microsoft says all supported Windows and Windows Servers are affected, Windows 7/Server 2008 R2 is also affected.

Microsoft is currently researching this vulnerability and developing potential solutions, so the corresponding security update may need to wait until February 11th.

Security updates with test nature may be released later this month with cumulative updates. Enterprises and users seeking stability should not install test updates for the time being.

Therefore, the solution is to use Microsoft’s mitigation measures to restrict access to the JScript.dll component, which will help prevent potential network attacks. Of course, restricting the call may affect some websites using the JScript programming language.

The mitigations provided by Microsoft are as follows:

Restrict access to JScript.dll

For 32-bit systems, enter the following command at an administrative command prompt:

takeown /f %windir%\system32\jscript.dll
cacls %windir%\system32\jscript.dll /E /P everyone:N

For 64-bit systems, enter the following command at an administrative command prompt:

takeown /f %windir%\syswow64\jscript.dll
cacls %windir%\syswow64\jscript.dll /E /P everyone:N
takeown /f %windir%\system32\jscript.dll
cacls %windir%\system32\jscript.dll /E /P everyone:N

How to undo the workaround

For 32-bit systems, enter the following command at an administrative command prompt:

cacls %windir%\system32\jscript.dll /E /R everyone

For 64-bit systems, enter the following command at an administrative command prompt:

cacls %windir%\system32\jscript.dll /E /R everyone 
cacls %windir%\syswow64\jscript.dll /E /R everyone