Large leak in Internet Explorer is already being exploited in the wild

A new zero-day vulnerability has been discovered in Microsoft Internet Explorer. The new leak is already being exploited and a security update is not yet available.

ie internet explorer logo

Microsoft released a security warning last Friday. A major vulnerability has been discovered in Internet Explorer 9 to 11, which is already being exploited for Web attacks. Microsoft speaks of “limited, targeted attacks” in this context. The company is working on a security update. Until then, there is only a workaround to make it more difficult for the attackers.

The vulnerability, now identified as CVE-2020-0674, is in the script module “JScript.dll”. This module is not responsible for Javascript, but only for Microsoft’s own scripting language JScript. JScript is hardly used anymore, because it only works in IE. For today’s ubiquitous Javascript, Internet Explorer has access to the “Jscript9.dll” library, which Microsoft says has not been compromised.

In principle, all supported Windows versions are affected. For desktop systems (Windows 7 to 10), the gap is classified as critical. Internet Explorer on Windows Server 2008 to 2019, by contrast, runs by default in a limited mode, the so-called “Enhanced Security Configuration”. If the website prepared for the attack is not in the Trusted Sites zone, the risk of a successful attack is reduced.

While Microsoft states that it is working on a security update, leave it open if such an update will be available for the next regular patch Tuesday on February 11. Microsoft indicates earlier that security updates are delivered on fixed data for good reasons. Until an update is available, Microsoft recommends that you restrict access rights to the JScript.dll file.

This is how you set the restrictions via the command prompt with administrator rights and the command “cacls”:

Under 32 bit Windows you do that as follows:

takeown /f %windir%system32jscript.dll
cacls %windir%system32jscript.dll /E /P jeder:N


Bij de 64-bit versie van Windows gebruik je de volgende commando's:

takeown /f %windir%syswow64jscript.dll
cacls %windir%syswow64jscript.dll /E /P jeder:N
takeown /f %windir%system32jscript.dll 
cacls %windir%system32jscript.dll /E /P jeder:N 

Als de patch binnen is, moet je de toegepaste beperkingen op de volgende manier opheffen:


32-bit Windows:

cacls %windir%system32jscript.dll /E /R jeder 

64-Bit Windows:

cacls %windir%syswow64jscript.dll /E /R jeder 
cacls %windir%system32jscript.dll /E /R jeder 

 

For private users, however, it makes more sense not to use Internet Explorer at all, something Microsoft has already indicated. Internet Explorer is hopelessly outdated and may only be used for internal purposes if this is necessary for compatibility reasons. For the rest, Edge, Firefox, Chrome and other browsers are clearly the better choice.

 

Recent Articles

Related Stories