itman 1,803 Posted January 18, 2020 Posted January 18, 2020 (edited) No patch available and currently being exploited: Quote Overview The Microsoft Internet Explorer Scripting Engine contains a memory corruption vulnerability, which can allow a remote, unauthenticated attacker to execute arbitrary code. Description Microsoft Internet Explorer contains a scripting engine, which handles execution of scripting languages such as VBScript and JScript. The scripting engine JScript component contains an unspecified memory corruption vulnerability. Any application that supports embedding Internet Explorer or its scripting engine component may be used as an attack vector for this vulnerability. This vulnerability was detected in exploits in the wild. Impact By convincing a user to view a specially crafted HTML document (e.g., a web page an email attachment), PDF file, Microsoft Office document, or any other document that supports embedded Internet Explorer scripting engine content, an attacker may be able to execute arbitrary code. Solution The CERT/CC is currently unaware of a practical solution to this problem. Please consider the following workaround: Restrict access to jscript.dlljscript.dll is a library that provides compatibility with a deprecated version of JScript that was released in 2009. Blocking access to this library can prevent exploitation of this and similar vulnerabilities that may be present in this old technology. When Internet Explorer is used to browse the modern web, jscript9.dll is used by default. https://kb.cert.org/vuls/id/338824/ Edited January 18, 2020 by itman
Most Valued Members Nightowl 206 Posted January 19, 2020 Most Valued Members Posted January 19, 2020 (edited) Internet Explorer should be blocked through Group Policy in work environments , and for sure not to be used at Home. Edited January 19, 2020 by Rami
itman 1,803 Posted January 19, 2020 Author Posted January 19, 2020 (edited) 5 hours ago, Rami said: Internet Explorer should be blocked through Group Policy in work environments Microsoft's recommendation is the use of IE11 "Enhanced Security Policy." The problem with that is it includes setting the Internet zone protection to High. This pretty much means you have to whitelist all web sites that are used. Also, standard user account logon is a mitigation since this exploit requires admin privileges. I applied the recommended command line changes w/o any issues. These basically restrict jscript.dll to standard user privileges. Edited January 19, 2020 by itman
Recommended Posts