Microsoft has reported about 0-day vulnerability in Internet Explorer, which hackers already exploit for “limited targeted attacks.”Microsoft issued a security notice, where presented ways to avoid critical vulnerability in Internet Explorer, exploited by cybercriminals in real-life attacks.
According to the notification, the vulnerability (CVE-2020-0674) is related to the way the script engine processes objects in the browser memory. The bug is present in IE9 running on Windows Server 2008, IE10 on Windows Server 2012 and IE11 on Windows 7, 8.1, RT 8.1, 10.
Vulnerability can cause memory corruption, which allows an attacker to execute arbitrary code in the context of the current user. If the current user logged on with administrator privileges, an attacker who successfully exploited this vulnerability could take control of the vulnerable system”, — says the notification.
If the authorized user is the administrator, the attacker will receive full control over the system – he will be able to install and uninstall programs, perform various actions with data and create accounts with full user rights.
To conduct a web attack, an attacker must create a specially configured site that can exploit the vulnerability, and then lure the victim to it. For example, using a link attached in an email. While Microsoft said it was aware that the IE zero-day is being exploited in the wild, the company described these as “limited targeted attacks,” suggesting the zero-day was not broadly exploited, but rather that it was part of attacks aimed at a small number of users.
However, not all IE users are at risk.
By default, IE11, IE10, and IE9 use Jscript9.dll, which is not affected by this vulnerability”, — Microsoft said.
This vulnerability affects only some websites that use jscript as a scripting mechanism.
Microsoft patched two similar IE zero-days in September and November 2019. Although IE is not the default browser in the latest Windows OS versions anymore, the browser is still installed with the OS. Users on older Windows releases are the ones primarily at risk.
Microsoft is currently working on a patch that may go beyond planned updates, as is the case with the September patch for Internet Explorer Zero Day Vulnerability (CVE-2019-1367).
Microsoft has lately been on the verge of scandal – most recently, the US national security agency warned the company about one of the most dangerous vulnerabilities in the history of Windows, but Microsoft released a patch pretty quickly last week. Let’s see how quickly the current problem will be solved. So far, there is only information about mitigation.
By default, Internet Explorer on Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016 and Windows Server 2019 runs in a restricted mode that is known as Enhanced Security Configuration. Enhanced Security Configuration is a group of preconfigured settings in Internet Explorer that can reduce the likelihood of a user or administrator downloading and running specially crafted web content on a server. This is a mitigating factor for websites that you have not added to the Internet Explorer Trusted sites zone.
User Review( votes)