Earlier this week, Microsoft announced about vulnerability in Internet Explorer, which is already exploited for “limited targeted attacks”. Now arrived temporary patch for this 0-day vulnerability in Internet Explorer.The problem received the identifier CVE-2020-0674 and it is associated with a vulnerability in the Firefox browser. Apparently, the mentioned “limited attacks” are part of a larger hacker campaign, which also included attacks on Firefox users.
“The problem is with the IE script engine and violation of the integrity of memory information. Exploiting the vulnerability allows an attacker to execute arbitrary code in the context of the current user. To do this, just lure the IE user to a malicious site”, — say Microsoft experts.
According to Microsoft, the vulnerability affects Internet Explorer 9, 10 and 11 when running on Windows 7, 8.1, 10, Server 2008, Server 2012, Server 2016 and Server 2019. However, there is no official patch for the vulnerability yet; instead were published safety (ADV200001) to help reduce risks. Interestingly, described by Microsoft measures can “lead to reduced functionality of components or functions that depend on jscript.dll.
Specialists at ACROS Security, the developer of the 0patch solution, have discovered that Microsoft recommendations can lead to a number of negative side effects, including:
- Windows Media Player stops playing MP4 files;
- The sfc tool, which checks the integrity of protected system files and replaces the incorrect versions with the correct ones, experiences problems with jscript.dll with changed permissions;
- Printing via Microsoft Print to PDF is broken;
- PAC scripts may not work.
This platform is designed specifically for such situations, as fixing for 0-day and other unpatched vulnerabilities to support products that are no longer supported by manufacturers, custom software, and so on. As a result, the developers of 0patch prepared and released a micropatch for Internet Explorer 11, ready for use on devices running Windows 7, Windows 10 1709, 1803 and 1809, Windows Server 2008 R2 and Windows Server 2019. It is reported that the patch is suitable for users of Windows 7 and Windows Server 2008 R2, for which Microsoft is unlikely to release hotfixes.
Our micropatch works as a switch that disables or enables the use of the vulnerable jscript.dll file by the Internet Explorer browser component in various applications (IE, Outlook, Word, and so on). In addition, our micropatch is designed in such a way as to avoid negative side effects that may occur after applying the methods recommended by Microsoft to neutralize the problem”, — the developers explain.
It is worth noting that Windows Media Player is an exception: the 0patch micropatch does not work for this application, since it in any case displays a security warning if a potential attacker tries to use it as an attack vector.
How scary it is to live with Windows: only recently I told you that the next day after the release of the fix for one of the most dangerous vulnerabilities in the history of Windows, security researcher Saleem Rashid demonstrated how it can be used to present a malicious site as any site on the Internet in terms of cryptography.