Category: Microsoft|Jan 19, 2020 | Author: Admin

Microsoft offers workaround to mitigate the IE Scripting Engine Memory Corruption Vulnerability

Share on

Clément Lecigne of Google’s Threat Analysis Group reported about an IE vulnerability that allowed remote execution of code via Internet Explorer.

ie_11_logo.jpg

Clément Lecigne of Google’s Threat Analysis Group reported about an IE vulnerability that allowed remote execution of code via Internet Explorer. The vulnerability lies in the way the scripting engine handles objects in memory in IE. Microsoft has disclosed the issue, and also offered a workaround for this Scripting Engine Memory Corruption Vulnerability (CVE-2020-0674).

By default, IE11, IE10, and IE9 use Jscript9.dll and are not impacted by this vulnerability. This vulnerability only affects certain websites that utilize JScrip.dll as the scripting engine.

How does an attacker execute remote code?
An attacker can set up a trap by sending a link to a specially crafted website over email. When the victim clicks on the link, the code will exploit the vulnerability through Internet Explorer

Workaround to mitigate IE Scripting Engine Memory Corruption Vulnerability
Once you have applied the patch, it will result in reduced functionality for components or features that rely on jscript.dll. However, it still doesn’t offer full protection, and it will be best not to use IE unless a permanent fix is rolled out. We highly recommend you to move to Microsoft Edge until the update becomes available. Microsoft is expected to patch this on its upcoming Patch Tuesday updates.

 
Restrict access to JScript.dll
For 32-bit systems, enter the following command at an administrative Command Prompt:

takeown /f %windir%\system32\jscript.dll
cacls %windir%\system32\jscript.dll /E /P everyone:N

For 64-bit systems, enter the following command at an administrative command prompt:

takeown /f %windir%\syswow64\jscript.dll
cacls %windir%\syswow64\jscript.dll /E /P everyone:N
takeown /f %windir%\system32\jscript.dll
cacls %windir%\system32\jscript.dll /E /P everyone:N

How to undo the workaround
Microsoft recommends reverting the mitigation steps before installing the update to return to a full state. Else any access to JScirpt.dll will suffer reduced functionality.

For 32-bit systems, enter the following command at an administrative command prompt:

cacls %windir%\system32\jscript.dll /E /R everyone

For 64-bit systems, enter the following command at an administrative command prompt:

cacls %windir%\system32\jscript.dll /E /R everyone
cacls %windir%\syswow64\jscript.dll /E /R everyone

Microsoft also shared that Internet Explorer on Windows Server copies (2008/2012/2016) run in a restricted mode known as Enhanced Security Configuration. It reduces the likelihood of a user or administrator downloading and running specially crafted web content on a server.

 

Sponsored Ads:

Comments:


Slack.jpg

Slack begins rolling out video and audio message ‘clips’

Category: General|Sep 22, 2021 | Author: Admin
roku.webp

Roku's free OS 10.5 lets you dictate passwords, fixes pesky sound lags on headphones

Category: IT|Sep 21, 2021 | Author: Admin
Apple.webp

Some good news and some strange news from Apple

Category: Apple|Sep 20, 2021 | Author: Admin
broken-windows-header.jpg

New Windows security updates break network printing

Category: Microsoft|Sep 19, 2021 | Author: Admin
Project-Taara-1155x770.webp

Sent 700tb over 4 km of laser technology

Category: IT|Sep 18, 2021 | Author: Admin
Fiber.jpg

'Massive' transatlantic data cable landed on beach in Bude

Category: Google|Sep 17, 2021 | Author: Admin
Discord.png

YouTube shuts down Discord music bot ‘Rythm’

Category: Google|Sep 16, 2021 | Author: Admin
Facebook.webp

Facebook's secret rules differentiate between the "elite" and most people

Category: General|Sep 15, 2021 | Author: Admin
Apple.webp

Apple suddenly had to crisis-update the iPhone and Mac

Category: Apple|Sep 14, 2021 | Author: Admin
Epic.webp

Epic is blocked forever on all Apple platforms

Category: Apple|Sep 13, 2021 | Author: Admin
Desktop-Screenshot.png

NVIDIA To Launch GeForce RTX 30 SUPER ‘Ampere Refresh’ In January 2022, GeForce RTX 40 ‘Ada Lovelace’ GPUs in October 2022

Category: General|Sep 12, 2021 | Author: Admin
chrome-os-secret-weapon-100856418-large.jpg

3 smart shortcuts for a curiously hidden Chrome OS command

Category: Google|Sep 11, 2021 | Author: Admin
sunset-gold-iphone-13-render.png

iPhone 13 unveiled in Ukraine

Category: Apple|Sep 10, 2021 | Author: Admin
iCloud.jpg

Apple brings iCloud passwords to Windows, Microsoft's Edge

Category: Apple|Sep 9, 2021 | Author: Admin
AI.webp

AI will determine if you are allowed to drive

Category: General|Sep 8, 2021 | Author: Admin
more