Windows 10 News and info | Forum
February 22, 2020, Loading... *
Welcome, Guest. Please login or register.

Login with username, password and session length
News: This is a clean Ad-free Forum and protected by StopForumSpam, Project Honeypot, Botscout and AbuseIPDB | This forum does not use audio ads, popups, or other annoyances. New member registration currently disabled.
 
  Website   Home   Windows 8 Website GDPR Help Login Register  
By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy.
Pages: [1]
  Print  
Share this topic on Del.icio.usShare this topic on DiggShare this topic on FacebookShare this topic on GoogleShare this topic on MySpaceShare this topic on RedditShare this topic on StumbleUponShare this topic on TechnoratiShare this topic on TwitterShare this topic on YahooShare this topic on Google buzz
Author Topic: Actively Exploited IE 11 Zero-Day Bug Gets Temporary Patch  (Read 28 times)
javajolt
Administrator
Hero Member
*****
Offline Offline

Gender: Male
United States United States

Posts: 31075


I Do Windows


WWW Email
« on: January 21, 2020, 06:45:25 PM »
ReplyReply

A micropatch implementing Microsoft's workaround for the actively exploited zero-day remote code execution (RCE) vulnerability impacting Internet Explorer is now available via the 0patch platform until an official fix will be released.

Microsoft's advisory says that the company is aware of "limited targeted attacks" targeting the flaw tracked as CVE-2020-0674.

The vulnerability, reported by Clément Lecigne of Google’s Threat Analysis Group and Ella Yu from Qihoo 360, "could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user" according to Microsoft.

If the user is logged on with administrative permissions on a compromised device, attackers can take full control of the system allowing for program installation and data manipulation, or the possibility to create accounts with full user rights.

While no patch for this security issue has been provided so far, Redmond is working on a fix that could be pushed out as an out-of-band security update before next month's Patch Tuesday, just as it happened when a very similar Internet Explorer RCE zero-day was fixed in September 2019.



Implementing the workaround without the side effects

The critical CVE-2020-0674 flaw is present in jscript.dll and impacts Internet Explorer 9, 10, and 11 on multiple versions of Windows including Windows 7, Windows 8.1, Windows 10 and Windows Server.

While Microsoft provided a set of mitigation measures as a workaround for this issue, the company also said that implementing them "might result in reduced functionality for components or features that rely on jscript.dll."

As 0patch found, the mitigation provided by Redmond also comes with several other negative side effects including:

Quote
• Windows Media Player is reported to break on playing MP4 files.

• The sfc (Resource Checker), a tool that scans the integrity of all protected system files and replaces incorrect versions with correct Microsoft versions, chokes on jscript.dll with altered permissions.

• Printing to "Microsoft Print to PDF" is reported to break.

• Proxy automatic configuration scripts (PAC scripts) may not work.


0patch created and released a micropatch for Internet Explorer 11, the latest version of the web browser, ready to be applied on fully-patched devices running of Windows 7, Windows 10 v1709/v1803/v1809, Windows Server 2008 R2, and Windows Server 2019.

Applying it on these systems will also protect Windows 7 and Windows Server 2008 R2 users that haven't enrolled in the Extended Security Updates program in the event that Microsoft won't be releasing security fixes for their platform.

"Our micropatch works like a switch that disables or enables the use of vulnerable jscript.dll by Internet Explorer's browser component in various applications (IE, Outlook, Word,...)," 0patch co-founder Mitja Kolsek explained.

"If you're a 0patch user, you already have this micropatch downloaded to all your online computers with 0patch Agent, and - depending on your settings - already automatically applied to all processes using the Internet Explorer 11 engine for rendering content.

This includes Internet Explorer (obviously), Microsoft Word, Microsoft Outlook, and a variety of other applications."

Windows Media Player (WMP) is the exception, with 0patch deciding against providing a micropatch for the app as it displays a security warning when a potential attacker would want to use it as an attack vector to display a remote website.

A video of the micropatch in action on a vulnerable device is embedded below.



"Our micropatch is designed to avoid negative side effects of Microsoft's workaround [..]," Kolsek added.

"It can also be easily reverted (un-applied) with a switch of a button without leaving any traces, while the workaround changes the ownership on jscript.dll."

The micropatch can be downloaded and applied after creating a 0patch account, downloading the 0patch Agent, and registering the agent on the device.

More information on what happens if you apply the micropatch and Microsoft's future patch on the same devices, as well as details on how to deploy it on your organization's network, can be found at the end of 0Patch's blog post on the CVE-2020-0674 micropatch.

source
« Last Edit: January 21, 2020, 06:56:02 PM by javajolt » Logged


Pages: [1]
  Print  
 
Jump to:  

Powered by SMF 1.1.21 | SMF © 2017, Simple Machines

Google visited last this page February 03, 2020, 09:21:31 AM