Summary:
Recent Internet Explorer has been observed with zero-day remote code execution vulnerability attacks. To address Microsoft’s Internet Explorer (IE) web browser RCE vulnerability CVE-2020-0674 Microsoft published an advisory ADV200001.
Description:
jscript.dll is the vulnerable component for IE 11, and moderate for IE 9 and IE 10. Memory corruption at ease by an attacker leads to RCE in the context of the current user. Even potential administrative rights can be achieved if the user is logged on as an administrator. Users can be tricked through techniques such water-hole using malicious documents in mails or other such social-engineering experiments.
“If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system,” Microsoft explained. “An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
Microsoft has already published a workaround that restricts access to Jscript.dll: as the patch would be under development process.
For 32-bit systems:
takeown /f %windir%\system32\jscript.dll
cacls %windir%\system32\jscript.dll /E /P everyone:N
For 64-bit systems:
takeown /f %windir%\syswow64\jscript.dll
cacls %windir%\syswow64\jscript.dll /E /P everyone:N
takeown /f %windir%\system32\jscript.dll
cacls %windir%\system32\jscript.dll /E /P everyone:N
Advisory:
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV200001
Affected Products:
Internet Explorer 9 through 11 on
- Microsoft Windows 7 through 10
- Microsoft Windows Server 2008 through Server 2016.
Mitigation:
There has been recent tweet on Jan 21,2020 regarding CVE-2020-0674 patch work. Creating user policy or group policy on network traffic to block IE is a good option as well.
Qualys customers can scan their network with QID#100400 to detect vulnerable assets. Kindly continue to follow on Qualys Threat Protection for more coverage on vulnerabilities.
References & Sources:
- https://www.youtube.com/watch?time_continue=19&v=ixpBN_a2cHQ&feature=emb_title
- https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV200001