Microsoft Issues Emergency Patch For Under-Attack IE Zero Day

December 28, 2018 - Cyber Security
Microsoft Issues Emergency Patch For Under-Attack IE Zero Day

Microsoft today released an alarming security update to fix a zero-day vulnerability for Internet Explorer. The vulnerability reported by a Google, security engineer.

The Company rarely mentions Internet Explore anymore, but when it does, it usually means bad news.

Today, Microsoft issued a rare security update to plug a critical vulnerability in still- supported IE9, IE10 & IE11. Google security engineer Clement Lecigne reported the flaw.

According to the advisory, a non-specified memory corruption vulnerability exists in the scripting engine JScript. The fragility could corrupt memory in a way that an attacker could execute arbitrary code.

According to Microsoft, attackers are already exploiting in the wild to hack into Windows computers. Whether the vulnerability used successfully, it could allow attackers to execute arbitrary code in the user’s systems.

Discovered by security researchers Clement Lecigne of Googles Threat Analysis Group, the vulnerability is tracked as CVE-2018-8653.

Neither Google nor Microsoft, both Companies, has yet not publicly disclosed any technical info. About the IE zero-day vulnerability, proof-of-concept exploits code, or details about the ongoing cyber attack campaign utilising this RCE bug.

The zero-day vulnerability is exploited actively in wild which makes its a critical zero-day flaw, Window’s users are securely recommended to install the latest update released by Microsoft as soon as possible.

Though it is not recommended, users who didn’t want to deploy patches can temper the threat by restricting access to a jscript.dll file by giving the following command in cmd prompt using admin privileges

For 32-bit Sys — cacls %windir%\system32\jscript.dll /E /P everyone:N

For 64-bit Sys — cacls %windir%\syswow64\jscript.dll /E /P everyone: N

It should be noted that the given command will force the IE web browser to use Jscript9.dll, but any website that requests on Jscript.dll will fail to render.

Leave a Reply

Your email address will not be published. Required fields are marked *