Microsoft to Patch Internet Explorer Vulnerability Exploited in Targeted Attacks

Microsoft announced on Friday that it’s in the process of developing a patch for a zero-day vulnerability in Internet Explorer that has been exploited in targeted attacks, reportedly by a threat group tracked as DarkHotel. Until a fix becomes available, the company has shared some workarounds and mitigations.


The flaw, tracked as CVE-2020-0674 and described as a memory corruption issue, affects the scripting engine in Internet Explorer, specifically a JScript component. The problematic component is a library named jscript.dll, which provides compatibility with a deprecated version of the JScript scripting language.


According to Microsoft, the vulnerability can be exploited for remote code execution in the context of the targeted user. The attacker must convince the target to visit a specially crafted website in order to exploit the vulnerability. The flaw can be leveraged to take control of an affected system if the targeted user has administrator privileges.


Microsoft says the vulnerability impacts Internet Explorer 9, 10 and 11 when running on Windows 7, 8.1, 10, Server 2008, Server 2012, Server 2016, and Server 2019.


The company says the risk is mitigated on Windows Server because Internet Explorer runs by default in a restricted mode named Enhanced Security Configuration, which reduces the chances of a user or admin downloading and running malicious content on a server.


The tech giant has also pointed out that all supported versions of Internet Explorer use Jscript9.dll by default, which is not affected by the vulnerability. However, the flaw affects certain websites that rely on jscript as the scripting engine.


Until a patch is released, Microsoft has advised users to enter specific administrative commands to restrict access to jscript.dll. Users will later need to revert this workaround before installing any future updates.


Microsoft says it has le ..
