Jump to content

(RCE) Internet Explorer 11 Releases Temporary Patch for Critical Vulnerability

Recommended Posts



On the 0patch platform, a temporary micropatch has been made available for the actively exploited vulnerability (CVE-2020-0674) of remote code execution in Internet Explorer 11 until an official patch from Microsoft is released.

According to Microsoft, exploiting the vulnerability “allows memory corruption in such a way that an attacker could execute arbitrary code in the context of the current user.” If a user logs in to the system with administrator rights on a compromised device, attackers can gain full control over the system, which allows you to install malicious programs, manipulate data or create accounts with full user rights.

The critical vulnerability is contained in jscript.dll and affects Internet Explorer versions 9, 10, and 11 on devices running Windows 7, Windows 8.1, Windows 10, and Windows Server.

Although Microsoft has proposed a number of measures to prevent exploitation of the vulnerability, their implementation "may lead to a decrease in the functionality of components or functions that depend on jscript.dll." The workaround is also accompanied by a number of other negative side effects, including Windows Media Player refusal to run MP4 files, printing disruption through Microsoft Print to PDF, and denial of proxy auto-configuration scripts.

The micropatch is ready for use on devices running Windows 7, Windows 10 (v1709, v1803, v1809), Windows Server 2008 R2, and Windows Server 2019.

“Our micropatch works on the principle of a switch that prohibits or allows the use of the vulnerable jscript.dll file by the Internet Explorer browser component in various applications (IE, Outlook, Word, etc.),” explained Mitja Kolsek, co-founder of 0patch.

Users can download the micropatch on the 0patch platform after creating an account, downloading the 0patch agent, and registering the agent on the device.





Source: https://www.securitylab.ru/news/504304.php

  • Upvote 1

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...