INTERNET EXPLORER ZERO-DAY EXPLOIT THAT COULD BE EXPOSING YOU TO THREAT

Security

The vulnerability could potentially be harnessed by attackers to view, change or delete data without the victim’s knowhow.



Just about 3 days back, Microsoft shared with the public how some vulnerabilities in its operating system had been discovered by the NCA and a patch which required an update to protect users from risk.

Not long after, it came to their attention again that a zero-day vulnerability was also present in the Internet Explorer browser which is being taken advantage of, widely by attackers and hackers globally, to which they published an advisory warning users of the risks involved and threat identified, even though they are yet to come up with a patch to fix the issue.

Dubbed CVE-2020-0674, the vulnerability is identified as a remote code execution flaw which can be found in the scripting engine and how it handles objects in the memory of Internet Explorer and triggers through Jscript.dll library in the Internet Explorer 9,10 and 11 versions running of Windows 7, 8.1 and 10 operating systems respectively, according to an article from thehackernews.com.

The Microsoft team is yet come up with a patch for the vulnerability but have shared ways to get around it


The advisory published by Microsoft stated,

The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.

If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Spanning the various ways with which attackers could potentially use the flaw to their advantage, Microsoft however shared some ways users can shield themselves from this vulnerability saying that by preventing the loading of Jscript.dll library, users can actively hinder attackers from exploiting the flaw.

The step by step process to restrict the vulnerability is as follows for 32-bit systems;

takeown / f% windir% \ system32 \ jscript.dll
cacls% windir% \ system32 \ jscript.dll / E / P everyone: N

They continued for 64-bit systems, stating,

takeown / f% windir% \ syswow64 \ jscript.dll
cacls% windir% \ syswow64 \ jscript.dll / E / P everyone: N
takeown / f% windir% \ system32 \ jscript.dll
cacls% windir% \ system32 \ jscript.dll / E / P everyone: N

And added that pending a released update or patch for the problem, users can revert the settings to remove the restrictions by executing these commands on the 32 and 64-bit systems respectively;

cacls %windir%\system32\jscript.dll /E /R everyone

and,

cacls %windir%\system32\jscript.dll /E /R everyone
cacls %windir%\syswow64\jscript.dll /E /R everyone

While there is no telling who actually uses Internet Explorer on today’s internet, it is better to assume that safety precedes all else. Guided by the workarounds shared by the Microsoft team, users should be able to protect their data and devices from the prying eyes and thieving hands of attackers worldwide. It goes without saying that once an update is released, users must make it a point to keep up with installing them.

0 Comments

Write a comment

    Write a Comment

    view all comments
    Read before write a comment! Read the guidelines