20 Dec 2018

Microsoft issued an out-of-band security update to fix an actively exploited vulnerability in Internet Explorer.  This vulnerability which has been dubbed as ID CVE-2018-8653 was discovered by Google’s Threat Analysis Group when it was found that the vulnerability was used in targeted attacks.

This vulnerability is a remote code execution (RCE) flaw in the Internet Explorer’s scripting engine. The hackers can make use of this vulnerability to corrupt memory so that they could execute code under the security privileges of the logged in user. If the user is logged on as an administrator then the attacker who has been able to exploit the flaw can take control of an affected system. Then the attacker will be able to perform various commands on the computer such as installing programs; view, change, or delete data; or create new accounts with full user rights etc.

A remote attacker can target the victims by making them view a specially crafted web page or email attachment, MS Office document, PDF file etc. that supports embedded IE scripting engine content.

The IE zero-day vulnerability affects IE 9 on Windows Server 2008, IE 10 on Windows Server 2012, IE 11 from Windows 7 to Windows 10, and IE 11 on Windows Server 2019, Windows Server 2016, Windows Server 2008 R2, Windows Server 2012 R2.

The technical details about the vulnerability, proof-of-concept exploit code, or details about the ongoing cyber-attack campaign utilizing this RCE bug has not been disclosed to the public.

All the users are highly recommended to install the latest updates at the earliest as the vulnerability is actively being exploited in the wild.

Those users who cannot deploy the patches now, can mitigate the vulnerability by removing privileges to the jscript.dll file for the Everyone group.

You can run the following command in the command prompt using admin privileges.

For 32-bit System — cacls %windir%\system32\jscript.dll /E /P everyone:N

For 64-bit System — cacls %windir%\syswow64\jscript.dll /E /P everyone:N

Though it is not recommended, Microsoft says that using this mitigation will not cause problems with Internet Explorer 11,10, or 9 as they use the Jscript9.dll by default.

It should be noted that the above command will force the web browser to use Jscript9.dll, but any website that relies on Jscript.dll will fail to render.

Leave your thought