A few days ago, Microsoft announced the existence of a zero-day vulnerability found in Internet Explorer (IE) and is already being used by hackers .
So far, the company has provided some risk mitigation advice , but no patches have been released to fix the vulnerability and protect the systems.
However, he said that experts have already begun working to address the security issue .
While Microsoft said it was aware of the zero day vulnerability in Internet Explorer and its exploitation by hackers, it said that there had been few attacks , indicating that the vulnerability was not used to target many victims, but was part of a number of targeted attacks. users.
Experts believe the vulnerability is being used as part of a wider hacking campaign that targets Firefox users .
Link to the zero- day vulnerability in Firefox, which was fixed last week
Last week, Mozilla fixed a similar zero-day vulnerability, which was also used by hackers to attack Firefox users. The vulnerability was discovered by Qihoo 360 , which informed Mozilla.
The researchers of Qihoo 360, had written in a tweet (that does not exist now) that attackers exploited and another zero-day vulnerability (beyond this in Firefox), which targeted users of Internet Explorer. Obviously, they were referring to this particular zero day vulnerability, announced by Microsoft.
There is no information yet on the attacker or the nature of the attacks.
RCE vulnerability in Internet Explorer
How did Microsoft describe the vulnerability?
The vulnerability lies in the way the scripting engine handles things in memory in Internet Explorer. This problem could allow an attacker to execute code. The attacker who successfully exploits the vulnerability can gain the same user rights as the victim user . If the user is logged on with user administrator rights, the attacker will be able to take control of an entire system. This means that they will be able to do anything (eg install programs, edit or delete data, create accounts, etc.).
According to Microsoft, all versions of Windows desktop and Server OS are vulnerable.
This zero-day RCE vulnerability is also known as CVE-2020-0674 .
Internet Explorer is not the default browser in the latest versions of Windows OS, but it is still used. Users with earlier versions of Windows are at greater risk.
Microsoft suggests restricting access to JScript.dll using the following workaround to mitigate this zero-day flaw.
For 32-bit systems, enter the following command at an administrative command prompt:
takeown /f %windir%\system32\jscript.dll cacls %windir%\system32\jscript.dll /E /P everyone:N
For 64-bit systems, enter the following command at an administrative command prompt:
takeown /f %windir%\syswow64\jscript.dll cacls %windir%\syswow64\jscript.dll /E /P everyone:N takeown /f %windir%\system32\jscript.dll cacls %windir%\system32\jscript.dll /E /P everyone:N
The company warns that implementing these mitigation might impact the functionality for components or features that use the jscript.dll.
“Implementing these steps might result in reduced functionality for components or features that rely on jscript.dll. To be fully protected, Microsoft recommends the update be installed as soon as possible. Please revert the mitigation steps before installing the update to return to a full state.” continues the advisory.