Zero-Day Vulnerability in Internet Explorer

upnorth

upnorth

Moderator
Thread author
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,459
Content source
https://heimdalsecurity.com/blog/security-alert-0-day-vulnerability-in-internet-explorer/
A new malicious code is wreaking havoc in corporate IT networks by exploiting a 0-day vulnerability in Internet Explorer.

Even if this browser is not the default one used by endpoints within your organization, you still have reason to be concerned. The malicious code gets into your systems through email and has the potential to corrupt the internal memory and afterward execute arbitrary code.
Click to expand...
According to our intel, this malicious code has been abused in targeted attacks delivered through spear phishing. The 0-day vulnerability in Internet Explorer can be activated by attackers either via a drive-by attack or through a malicious link sent to the target through email.

The vulnerability has been assigned CVE ID: CVE2020-0674 and has been the topic of an official warning from Microsoft. This is a vulnerability that can be abused to corrupt memory via jscript and thereby execute arbitrary code on vulnerable systems. According to Microsoft, the remote code execution vulnerability could allow attackers to handle objects in memory in Internet Explorer through the scripting engine. Once an attacker obtains access to an endpoint in this manner, they could then gain the same user rights as the current user of that endpoint, and execute arbitrary code remotely.
Click to expand...
Is there an update to address this vulnerability? No, Microsoft is aware of this vulnerability and working on a fix.
Click to expand...
 
  • Like
  • Applause
  • +Reputation
Reactions: Fel Grossi, shmu26, Mercenary and 12 others
Sampei Nihira

Sampei Nihira

Level 6
Verified
Well-known
Dec 26, 2019
287
It is inconceivable !!!
Instead, there is a temporary mitigation:

securityaffairs.co

Microsoft provides mitigation for actively exploited CVE-2020-0674 IE 0Day

Microsoft published a security advisory to warn of an Internet Explorer (IE) zero-day vulnerability that is currently being exploited in the wild.
securityaffairs.co securityaffairs.co

For 32-bit systems, enter the following command at an administrative command prompt:
Click to expand...

takeown /f %windir%\system32\jscript.dll
cacls %windir%\system32\jscript.dll /E /P everyone:N[/QUOTE]

For 64-bit systems, enter the following command at an administrative command prompt:
Click to expand...
takeown /f %windir%\syswow64\jscript.dll
cacls %windir%\syswow64\jscript.dll /E /P everyone:N
takeown /f %windir%\system32\jscript.dll
cacls %windir%\system32\jscript.dll /E /P everyone:N
Click to expand...

betanews.com

0patch releases micropatch for Internet Explorer vulnerability -- including for Windows 7

At the end of last week, a serious vulnerability was discovered in Internet Explorer, affecting all versions of Windows. Not only is the bug (CVE-2020-0674) being actively exploited, but for Windows 7 users the vulnerability was exposed right after their operating system reached the end of its life.
betanews.com betanews.com
 
  • Like
Reactions: [correlate], Fel Grossi, Nevi and 7 others
Sampei Nihira

Sampei Nihira

Level 6
Verified
Well-known
Dec 26, 2019
287
The Microsoft way of information is inconceivable.
Moreover, the uninstallation of I.E. does not end the problems of a zero day.
Because if the vulnerability also lies in the accessory dlls that can come into play in other applications ..... you are equally vulnerable.
The best way not to be vulnerable is to not use apps that use the I.E. engine.
If of course we know what these apps are.
This problem is obviously greater in OS prior to Windows 10.
I put below a non-exhaustive list of what I wrote above:

Trident (software) - Wikipedia

en.wikipedia.org en.wikipedia.org
 
  • Like
Reactions: plat, [correlate], bribon77 and 2 others
show-Zi

show-Zi

Level 36
Verified
Top Poster
Well-known
Jan 28, 2018
2,463
Sampei Nihira said:
The Microsoft way of information is inconceivable.
Moreover, the uninstallation of I.E. does not end the problems of a zero day.
Because if the vulnerability also lies in the accessory dlls that can come into play in other applications ..... you are equally vulnerable.
The best way not to be vulnerable is to not use apps that use the I.E. engine.
If of course we know what these apps are.
This problem is obviously greater in OS prior to Windows 10.
I put below a non-exhaustive list of what I wrote above:

Trident (software) - Wikipedia

en.wikipedia.org en.wikipedia.org
Click to expand...
The dedicated browser for the Japanese bulletin board I use uses the IE engine. This may be a rather worrisome vulnerability, as there are many users in Japan.:unsure:

Umbra said:
IE is the first thing i disable after a clean install ^^
Click to expand...
Windows and IE are boss-employee relationships. If you fire your employees early, you're hurting your Windows boss's pride.:LOL:
 
  • Like
  • HaHa
Reactions: RKRN3, [correlate], upnorth and 2 others
F

ForgottenSeer 823865

Yeah, MS Is quite (purposely?) obscure about documenting their features, and you can see this "mindset" in the OS features themselves, no much explanations of what they do or may break.
 
  • Like
Reactions: Protomartyr, show-Zi and [correlate]
A

Azure

Level 28
Verified
Top Poster
Content Creator
Oct 23, 2014
1,712
Umbra said:
Yeah, MS Is quite (purposely?) obscure about documenting their features, and you can see this "mindset" in the OS features themselves, no much explanations of what they do or may break.
Click to expand...
Is almost like they think no one will ever use their secret hidden OS features.
 
  • Like
Reactions: show-Zi and [correlate]
Sampei Nihira

Sampei Nihira

Level 6
Verified
Well-known
Dec 26, 2019
287
Microsoft recommends that Windows 7 users replace I.E.11 with the new Edge Chromium:

news.softpedia.com

The Future of Internet Explorer in Windows

Microsoft Edge is Microsoft’s choice going forward
news.softpedia.com news.softpedia.com

........Given Microsoft Edge is also available on Windows 7, Microsoft recommends users to install this version – once they do this, the Chromium Microsoft Edge becomes the new default browser on the operating system, replacing Internet Explorer.............
Click to expand...
 
  • Like
Reactions: show-Zi, plat, silversurfer and 1 other person
blackice

blackice

Level 38
Verified
Top Poster
Well-known
Apr 1, 2019
2,763
Umbra said:
Yeah, MS Is quite (purposely?) obscure about documenting their features, and you can see this "mindset" in the OS features themselves, no much explanations of what they do or may break.
Click to expand...
At this point maybe they aren’t sure themselves what these features do.
 
  • Like
Reactions: SunMan09 and show-Zi
You must log in or register to reply here.

Similar threads

[correlate]
    • Like
The stack buffer overflow vulnerability leads to arbitrary code execution in UEFI application on multiple HP devices.
Replies
0
Views
1,246
News Archive
[correlate]
[correlate]
Gandalf_The_Grey
    • Like
Google: State hackers still exploiting Internet Explorer zero-days
Replies
0
Views
641
News Archive
Gandalf_The_Grey
Gandalf_The_Grey
upnorth
    • Like
    • Thanks
Security News Ivanti warns of critical vulnerability in its Endpoint Protection software
Replies
4
Views
3,503
Security News
vtqhtr413
vtqhtr413

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top