Critical Zero-Day Internet Explorer Vulnerability Exploited in the Wild

Microsoft has announced it is developing a patch for a zero-day Internet Explorer vulnerability that is currently being exploited in the wild. In the meantime, a workaround has been released which should be implemented as soon as possible to prevent exploitation of the vulnerability.

The vulnerability is present in Internet Explorer 9, 10 and 11 when used on Windows 7, 8.1, and 10, as well as Windows Server 2012, 2016, and 2019. An exploit for the zero-day vulnerability has been developed by a hacking group called DarkHotel.

The memory corruption vulnerability – CVE-2020-0674 – is present in the Jscript engine, specifically jscript.dll. The flaw can be exploited remotely and can allow execution of arbitrary code in the context of the current user. If the user has administrative privileges an attacker could take full control of a vulnerable system. The flaw could be exploited using a specially crafted webpage and convincing a user to visit that page, through a phishing email for example.

The vulnerability was reported to Microsoft by Google’s Threat analysis Group and Qihoo, with the latter discovering evidence to suggest DarkHotel is exploiting the flaw. At present the zero-day vulnerability is only being exploited in limited attacks.

It is currently unclear when the patch will be released, but it may not be until patch Tuesday – The second Tuesday in February. 0patch has announced that it will be releasing a micropatch later this week witch will stop Internet Explorer from loading jscript.dll. In the meantime, Microsoft suggests administrators should restrict access to jscript.dll by running certain commands. The workaround can be found on this link. If changes are made, they would need to be reversed before the next update. An alternative would be to stop using Internet Explorer until a patch is released.

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of NetSec.news