Zero-Day Vulnerability in Internet Explorer

upnorth

upnorth

Level 68
Thread author
Verified
Top Poster
Malware Hunter
Well-known
Jul 27, 2015
5,403
2
65,358
6,699
Sweden
Content source
https://heimdalsecurity.com/blog/security-alert-0-day-vulnerability-in-internet-explorer/
A new malicious code is wreaking havoc in corporate IT networks by exploiting a 0-day vulnerability in Internet Explorer.

Even if this browser is not the default one used by endpoints within your organization, you still have reason to be concerned. The malicious code gets into your systems through email and has the potential to corrupt the internal memory and afterward execute arbitrary code.
Click to expand...
According to our intel, this malicious code has been abused in targeted attacks delivered through spear phishing. The 0-day vulnerability in Internet Explorer can be activated by attackers either via a drive-by attack or through a malicious link sent to the target through email.

The vulnerability has been assigned CVE ID: CVE2020-0674 and has been the topic of an official warning from Microsoft. This is a vulnerability that can be abused to corrupt memory via jscript and thereby execute arbitrary code on vulnerable systems. According to Microsoft, the remote code execution vulnerability could allow attackers to handle objects in memory in Internet Explorer through the scripting engine. Once an attacker obtains access to an endpoint in this manner, they could then gain the same user rights as the current user of that endpoint, and execute arbitrary code remotely.
Click to expand...
Is there an update to address this vulnerability? No, Microsoft is aware of this vulnerability and working on a fix.
Click to expand...
 
  • Like
  • Applause
  • +Reputation
Reactions: Fel Grossi, shmu26, Mercenary and 12 others
It is inconceivable !!!
Instead, there is a temporary mitigation:

securityaffairs.co

Microsoft provides mitigation for actively exploited CVE-2020-0674 IE 0Day

Microsoft published a security advisory to warn of an Internet Explorer (IE) zero-day vulnerability that is currently being exploited in the wild.
securityaffairs.co securityaffairs.co

For 32-bit systems, enter the following command at an administrative command prompt:
Click to expand...

takeown /f %windir%\system32\jscript.dll
cacls %windir%\system32\jscript.dll /E /P everyone:N[/QUOTE]

For 64-bit systems, enter the following command at an administrative command prompt:
Click to expand...
takeown /f %windir%\syswow64\jscript.dll
cacls %windir%\syswow64\jscript.dll /E /P everyone:N
takeown /f %windir%\system32\jscript.dll
cacls %windir%\system32\jscript.dll /E /P everyone:N
Click to expand...

betanews.com

0patch releases micropatch for Internet Explorer vulnerability -- including for Windows 7

At the end of last week, a serious vulnerability was discovered in Internet Explorer, affecting all versions of Windows. Not only is the bug (CVE-2020-0674)
betanews.com betanews.com
 
  • Like
Reactions: [correlate], Fel Grossi, Nevi and 7 others
The Microsoft way of information is inconceivable.
Moreover, the uninstallation of I.E. does not end the problems of a zero day.
Because if the vulnerability also lies in the accessory dlls that can come into play in other applications ..... you are equally vulnerable.
The best way not to be vulnerable is to not use apps that use the I.E. engine.
If of course we know what these apps are.
This problem is obviously greater in OS prior to Windows 10.
I put below a non-exhaustive list of what I wrote above:

Trident (software) - Wikipedia

en.wikipedia.org en.wikipedia.org
 
  • Like
Reactions: plat, [correlate], bribon77 and 2 others
Sampei Nihira said:
The Microsoft way of information is inconceivable.
Moreover, the uninstallation of I.E. does not end the problems of a zero day.
Because if the vulnerability also lies in the accessory dlls that can come into play in other applications ..... you are equally vulnerable.
The best way not to be vulnerable is to not use apps that use the I.E. engine.
If of course we know what these apps are.
This problem is obviously greater in OS prior to Windows 10.
I put below a non-exhaustive list of what I wrote above:

Trident (software) - Wikipedia

en.wikipedia.org en.wikipedia.org
Click to expand...
The dedicated browser for the Japanese bulletin board I use uses the IE engine. This may be a rather worrisome vulnerability, as there are many users in Japan.:unsure:

Umbra said:
IE is the first thing i disable after a clean install ^^
Click to expand...
Windows and IE are boss-employee relationships. If you fire your employees early, you're hurting your Windows boss's pride.:LOL:
 
  • Like
  • HaHa
Reactions: RKRN3, [correlate], upnorth and 2 others
Umbra said:
Yeah, MS Is quite (purposely?) obscure about documenting their features, and you can see this "mindset" in the OS features themselves, no much explanations of what they do or may break.
Click to expand...
Is almost like they think no one will ever use their secret hidden OS features.
 
  • Like
Reactions: show-Zi and [correlate]
Microsoft recommends that Windows 7 users replace I.E.11 with the new Edge Chromium:

news.softpedia.com

The Future of Internet Explorer in Windows

Microsoft Edge is Microsoft’s choice going forward
news.softpedia.com news.softpedia.com

........Given Microsoft Edge is also available on Windows 7, Microsoft recommends users to install this version – once they do this, the Chromium Microsoft Edge becomes the new default browser on the operating system, replacing Internet Explorer.............
Click to expand...
 
  • Like
Reactions: show-Zi, plat, silversurfer and 1 other person
Umbra said:
Yeah, MS Is quite (purposely?) obscure about documenting their features, and you can see this "mindset" in the OS features themselves, no much explanations of what they do or may break.
Click to expand...
At this point maybe they aren’t sure themselves what these features do.
 
  • Like
Reactions: SunMan09 and show-Zi
You must log in or register to reply here.

You may also like...