Microsoft issues security advisory and workaround for Critical IE vulnerability (CVE-2020-0674)

Microsoft issues security advisory and workaround for new IE vulnerability

Microsoft issued a new security advisory for a Critical Internet Explorer (IE) vulnerability. Attackers could exploit the scripting engine memory corruption vulnerability CVE-2020-0674 in IE and execute arbitrary code.

Just a few days after January Patch Tuesday, Microsoft published the advisory on Friday, January 17. The company also added updated workaround guidelines over the weekend.

Microsoft IE contains a scripting engine used to handle the execution of scripting languages, such as VBScript and JScript. A component of JScript contains the memory corruption vulnerability CVE-2020-0674.

“The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user,” Microsoft warned in the advisory.

“In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website, for example, by sending an email.”

Microsoft rated the vulnerability Critical for multiple Windows 10, Windows 8.1 and Windows 7 operating systems (OS).

The company also rated the vulnerability as Moderate on Windows Server OS (2008, 2012, 2016 and 2019). Microsoft said all versions of Windows Server run in a restricted mode known as Enhanced Security Configuration. As a benefit, these pre-configured settings can help reduce the likelihood of a user or administrator downloading and running specially crafted web content on a server.

In addition, the CERT Coordination Center (CERT/CC) warned that exploits of the vulnerability have been detected in the wild.

Workarounds

Until a permanent patch is available, Microsoft issued workaround steps to reduce the risk of elevated attacks. However, the company warned that the workarounds could result in reduced client functionality.

In addition, Microsoft said organizations will need to revert the changes before installing future updates.

Microsoft recommends organizations restrict access to JScript.dll as described below.

For 32-bit Windows systems, enter the following commands at an administrative command prompt:

takeown /f %windir%\system32\jscript.dll
cacls %windir%\system32\jscript.dll /E /P everyone:N

For 64-bit Windows systems, enter the following commands at an administrative command prompt:

takeown /f %windir%\syswow64\jscript.dll
cacls %windir%\syswow64\jscript.dll /E /P everyone:N
takeown /f %windir%\system32\jscript.dll
cacls %windir%\system32\jscript.dll /E /P everyone:N

Steps to undo the above changes are also available in the published advisory.
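Because the workaround has to be reverted before future updates are installed, it helps to know which hosts currently carry it. The following PowerShell check is an added example, not part of Microsoft's advisory; the function name Test-JScriptWorkaround and its status strings are hypothetical, and it assumes the cacls change shows up as an explicit Deny entry for Everyone on the same jscript.dll paths used above.

```powershell
# Added example: report whether the jscript.dll workaround ACL is present.
# Run from an elevated 64-bit PowerShell session. A 32-bit process on 64-bit
# Windows has system32 redirected to syswow64 and would check one file twice.
$everyoneSid = 'S-1-1-0'   # well-known SID for Everyone (name is localized, SID is not)
$execute     = [System.Security.AccessControl.FileSystemRights]::ReadAndExecute

# Same paths the workaround commands touch.
$paths = @(Join-Path $env:windir 'system32\jscript.dll')
if ([Environment]::Is64BitOperatingSystem) {
    $paths += Join-Path $env:windir 'syswow64\jscript.dll'
}

function Test-JScriptWorkaround {   # hypothetical helper name
    param([string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) { return 'FileMissing' }
    try {
        $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
    } catch {
        # Once Everyone is denied, accounts other than the owner may be unable to read the ACL.
        return 'AclUnreadable'
    }

    # Explicit (non-inherited) rules only, resolved to SIDs.
    $rules = $acl.GetAccessRules($true, $false, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        $deniesExecute = ($rule.FileSystemRights -band $execute) -eq $execute
        if ($rule.AccessControlType -eq 'Deny' -and
            $rule.IdentityReference.Value -eq $everyoneSid -and
            $deniesExecute) {
            return 'WorkaroundApplied'
        }
    }
    return 'NotApplied'
}

$paths | ForEach-Object {
    [pscustomobject]@{
        Path   = $_
        Status = Test-JScriptWorkaround -Path $_
    }
} | Format-Table -AutoSize
```

A host reporting WorkaroundApplied on either path still needs the undo steps from the advisory before the eventual fix is installed.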

Microsoft confirmed there is no patch available yet, but said it is working on a fix.