Internet Explorer zero-day vulnerability actively under-attack

Internet Explorer zero-day vulnerability actively under-attack

Microsoft, on Friday, has published a security advisory detailing a zero-day vulnerability in Internet Explorer that's actively under attack. This vulnerability (CVE-2020-0674) is a scripting engine flaw which when exploited can lead to arbitrary code execution in the context of the current user. The flaw can be mitigated by restricting access to the JavaScript component JScript.dll, and there is no patch available so far. This forum thread will be updated with the patch information as soon as it's available.

 

 

Target Application: Microsoft Internet Explorer

CVE ID: CVE-2020-0674

Type of vulnerability: Remote code execution

Target component: JScript.dll

Patch status: Not available

Workaroud: 

Restrict access to JScript.dll

 

For 32-bit systems, enter the following command at an administrative command prompt:

 

takeown /f %windir%\system32\jscript.dll

cacls %windir%\system32\jscript.dll /E /P everyone:N

 

For 64-bit systems, enter the following command at an administrative command prompt:

 

takeown /f %windir%\syswow64\jscript.dll

cacls %windir%\syswow64\jscript.dll /E /P everyone:N

takeown /f %windir%\system32\jscript.dll

cacls %windir%\system32\jscript.dll /E /P everyone:N

 

Impact of workaround:

Implementing these steps might result in reduced functionality for components or features that rely on jscript.dll. Also, please revert the mitigation steps before installing the patches to return to a full state.

                New to ADSelfService Plus?