Earlier this week, Microsoft announced a zero-day vulnerability in Internet Explorer that is already being exploited in "limited targeted attacks." The issue was assigned the identifier CVE-2020-0674 and is linked to a vulnerability in the Firefox browser that became known in early January. Apparently, the "limited attacks" mentioned are part of a larger hacking campaign that also included attacks on Firefox users.
The problem lies in the IE scripting engine and involves memory corruption. Exploiting the vulnerability allows an attacker to execute arbitrary code in the context of the current user. To do so, it is enough to lure an IE user to a malicious site.
According to Microsoft, the vulnerability affects Internet Explorer 9, 10 and 11 when running on Windows 7, 8.1, 10, Server 2008, Server 2012, Server 2016 and Server 2019. However, there is no official patch for the vulnerability yet; instead, a security advisory (ADV200001) with recommendations for reducing the risk was published. Interestingly, the measures described by Microsoft can "lead to a decrease in the functionality of components or functions that depend on jscript.dll."
Specialists at ACROS Security, the developer of the 0patch solution, have discovered that Microsoft's recommendations can lead to a number of negative side effects, including:
- Windows Media Player stops playing MP4 files;
- The sfc tool, which checks the integrity of protected system files and replaces incorrect versions with the correct ones, runs into problems with a jscript.dll whose permissions have been changed;
- Printing via Microsoft Print to PDF is broken;
- PAC scripts may not work.
The 0patch platform is designed specifically for such situations, that is, for delivering fixes for 0-day and other unpatched vulnerabilities and for supporting products that are no longer supported by their manufacturers, custom software, and so on. As a result, the developers of 0patch prepared and released a micropatch for Internet Explorer 11, ready for use on devices running Windows 7, Windows 10 1709, 1803 and 1809, Windows Server 2008 R2 and Windows Server 2019. The patch is reported to be suitable for users of Windows 7 and Windows Server 2008 R2, for which Microsoft is unlikely to release fixes.
“Our micropatch works as a switch that disables or enables the use of the vulnerable jscript.dll file by the Internet Explorer browser component in various applications (IE, Outlook, Word, and so on). In addition, our micropatch is designed in such a way as to avoid negative side effects that may occur after applying Microsoft-recommended methods to neutralize the problem,” the developers explain.
It is worth noting that Windows Media Player is an exception: the 0patch micropatch does not work for this application, since it displays a security warning in any case if a potential attacker tries to use it as an attack vector.