Microsoft, on Friday, has published a security advisory detailing a zero-day vulnerability in Internet Explorer that's actively under attack. This vulnerability (CVE-2020-0674) is a scripting engine flaw which when exploited can lead to arbitrary code execution in the context of the current user. The flaw can be mitigated by restricting access to the JavaScript component JScript.dll, and there is no patch available so far. This forum thread will be updated with the patch information as soon as it's available.

Target Application: Microsoft Internet Explorer

CVE ID: CVE-2020-0674

Type of vulnerability: Remote code execution

Target component: JScript.dll

Patch status: Not available

Workaroud: 

Restrict access to JScript.dll

For 32-bit systems, enter the following command at an administrative command prompt:

takeown /f %windir%\system32\jscript.dll

cacls %windir%\system32\jscript.dll /E /P everyone:N

For 64-bit systems, enter the following command at an administrative command prompt:

takeown /f %windir%\syswow64\jscript.dll

cacls %windir%\syswow64\jscript.dll /E /P everyone:N

takeown /f %windir%\system32\jscript.dll

cacls %windir%\system32\jscript.dll /E /P everyone:N

Impact of workaround: