Both Microsoft and the Department of Homeland Security (DHS) Cybersecurity & Infrastructure Security Agency (CISA) have warned that hackers are actively exploiting a zero-day vulnerability in Internet Explorer. The bug, tracked as CVE-2020-0674, is rated critical for IE 11 and moderate for IE 9 and IE 10, because it can allow remote code execution and complete takeover. According to the statement Microsoft made on January 17th, 2020, the bug exists in the way the jscript.dll scripting engine handles objects in memory in the browser. Attackers can exploit the vulnerability through IE by using a malicious website. To do so, they can lure victims to the site by sending an email or through watering-hole techniques. The email would contain malicious documents that include a web link, or rely on other social engineering efforts. Fortunately, Microsoft released a micropatch from 0patch on January 21st, 2020, and workarounds are available in the meantime.
The workaround also has negative side effects that the micropatch avoids:
- Windows Media Player is reported to break on playing MP4 files.
- The sfc (Resource Checker), a tool that scans the integrity of all protected system files and replaces incorrect versions with correct Microsoft versions, chokes on jscript.dll with altered permissions.
- Printing to “Microsoft Print to PDF” is reported to break.
- Proxy automatic configuration scripts (PAC scripts) may not work.
Microsoft explained that
“If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website, for example, by sending an email. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
After Microsoft’s advisory, CISA also urged
“users and administrators to review Microsoft’s Advisory ADV20001 and CERT/CC’s Vulnerability Note VU#338824 for more information, implement workarounds, and apply updates when available.”