Facilitating the Spread of Knowledge and Innovation in Professional Software Development

Write for InfoQ


Choose your language

InfoQ Homepage News Microsoft Patches Active Internet Explorer Zero Day Exploit

Microsoft Patches Active Internet Explorer Zero Day Exploit

Leia em Português

This item in japanese

Microsoft has issued an out-of-band update for a critical vulnerability in Internet Explorer (IE) scripting engine that could lead to remote code execution. The vulnerability is actively exploited in the wild, according to Tenable research engineer Satnam Narang, and users should update their systems as soon as possible.

Multiple IE versions are affected, Narang says, including Internet Explorer 11 on all recent Windows and Windows Server version since 2012 (Windows 7, 8, and 10 and Windows Server 2012, 2016, and 2019); Internet Explorer 9 on Windows Server 2008; and Internet Explorer 10 on Windows Server 2012.

Microsoft said the vulnerability is being used in "targeted attacks", which could mean users are targeted through the sending of email or other equivalent means to visit a website forged to exploit visiting browsers:

If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Microsoft has not made public much detail about the flaw behind this vulnerability, beyond the vague clarification it is caused by the way the Internet Explorer jscript scripting engine handled objects in memory. For those who might want to protect their systems before they install Microsoft’s patch, a workaround is available which consists in disabling access to jscript.dll. In fact, jscript.dll happens to implement an older version of the jscript scripting engine that is still present for compatibility reasons but has been superseded by jscript9.dll, which is used by default in Internet Explorer from 9 to 11. Disabling jscript.dll would thus impair only those websites that specifically require to use it instead of jscript9.dll, which could include crafted websites.

To disable jscript.dll on 32-bit systems, you can run the following command as administrator:

cacls %windir%\system32\jscript.dll /E /P everyone:N

On 64-bit systems, you can run:

cacls %windir%\syswow64\jscript.dll /E /P everyone:N

To patch their systems, users should enable Windows Update and apply the latest security updates.

Rate this Article