Actively Exploited Internet Explorer Flaw Patched by Microsoft

Microsoft has issued an out-of-band update for Internet Explorer to correct a vulnerability that is being actively exploited in the wild. The Internet Explorer flaw was found by Clement Lecigne at Google’s Threat Analysis Group, who reported the vulnerability to Microsoft.

The remote code execution flaw, tracked as CVE-2018-8653, lies in how the Internet Explorer scripting engine handles objects in memory. If the flaw is exploited, an attacker could corrupt memory in a way that allows the execution of arbitrary code with the same level of privileges as the current user.

If the attack occurs while a user with administrative rights is logged in, an attacker would be able to take full control of the user’s device and install programs, change or delete data, or create new accounts with full admin rights.

For the flaw to be exploited, a user would need to visit a specially crafted web page containing the exploit code. This could be achieved through malvertising – malicious adverts that redirect users to the malicious webpages – or by sending emails containing a hyperlink to the malicious web page.

Updates have been released for:

  • Internet Explorer 11 on Windows 10
  • Windows 8.1
  • Windows 7 SP1
  • Internet Explorer 10 on Windows Server 2012
  • Internet Explorer 9 on Windows Server 2008

Naturally, the updates should be applied as soon as possible, although interim measures can be taken to protect against attack until the update is applied. Microsoft suggests removing the Everyone group's privileges on the jscript.dll file. This will not have any adverse effects for users of Internet Explorer 9, 10, or 11, which use the jscript9.dll file by default.

To change privileges on 32-bit systems, enter the following command at an admin command prompt:

cacls %windir%\system32\jscript.dll /E /P everyone:N

On 64-bit systems, enter the following command:

cacls %windir%\syswow64\jscript.dll /E /P everyone:N
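
One way to confirm the workaround took effect on a host, as an added example that is not from Microsoft or the original article: the PowerShell below picks the jscript.dll path the article names for the system's bitness, tries to open the file, and lists any deny entry for Everyone. The function names are hypothetical, and it assumes that a denied Everyone entry makes an ordinary read attempt fail with access denied.

```powershell
# Added example, not Microsoft's or the article's code. Function names are hypothetical.
# Assumption: with Everyone denied, a plain read-open of jscript.dll fails with access denied.

function Get-JscriptPath {
    # The article names system32 on 32-bit systems and syswow64 on 64-bit systems.
    # PROCESSOR_ARCHITEW6432 is set when a 32-bit process runs on 64-bit Windows.
    $is64 = ([IntPtr]::Size -eq 8) -or [bool]$env:PROCESSOR_ARCHITEW6432
    if ($is64) {
        Join-Path $env:windir 'SysWOW64\jscript.dll'
    } else {
        Join-Path $env:windir 'System32\jscript.dll'
    }
}

function Test-JscriptBlocked {
    param([Parameter(Mandatory = $true)][string]$Path)
    if (-not (Test-Path -Path $Path)) { return 'Missing' }
    try {
        $stream = [System.IO.File]::Open($Path, 'Open', 'Read', 'ReadWrite')
        $stream.Dispose()
        return 'Readable'   # file still opens: workaround not in effect
    } catch [System.UnauthorizedAccessException] {
        return 'Blocked'    # read-open refused: consistent with the deny entry
    }
}

function Get-EveryoneDenyRights {
    param([Parameter(Mandatory = $true)][string]$Path)
    try { $acl = Get-Acl -Path $Path -ErrorAction Stop }
    catch { return 'ACL not readable (file missing or access denied)' }
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $deny = $acl.GetAccessRules($true, $true, $sidType) | Where-Object {
        $_.IdentityReference.Value -eq 'S-1-1-0' -and   # well-known SID for Everyone
        $_.AccessControlType -eq 'Deny'
    }
    if ($deny) {
        ($deny | ForEach-Object { $_.FileSystemRights }) -join '; '
    } else {
        'none'
    }
}

# Report for the path that applies to this machine.
$path = Get-JscriptPath
New-Object PSObject -Property @{
    Path         = $path
    Status       = (Test-JscriptBlocked -Path $path)
    EveryoneDeny = (Get-EveryoneDenyRights -Path $path)
}
```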

No details have been released to date on current attacks that are exploiting this vulnerability. Google has yet to supply that information to Microsoft.

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of NetSec.news