Microsoft Patches Actively Exploited Internet Explorer Zero-Day

Microsoft released security updates to patch an actively exploited zero-day remote code execution (RCE) vulnerability impacting multiple versions of Internet Explorer.

In the middle of January 2020, Microsoft released an advisory about an Internet Explorer zero-day vulnerability (CVE-2020-0674) that was publicly disclosed and being actively exploited by attackers.

The flaw, reported by Clément Lecigne of Google’s Threat Analysis Group and Ella Yu from Qihoo 360, “could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user”, according to Microsoft.

If the user is logged on with administrative permissions on a compromised device, attackers could take full control of the system, allowing them to install programs, manipulate data, or create accounts with full user rights.

Mitigation issues

A security fix was not available at the time, and Microsoft only released mitigation measures that removed permissions to jscript.dll so that attackers could not exploit the vulnerability on unpatched systems.

However, the mitigations provided by Microsoft broke printing, because printer drivers and software use the now-nerfed jscript.dll.

For users who needed to print and still have their systems protected, 0Patch released a micropatch that resolved the CVE-2020-0674 vulnerability without the printing issues.

With the February Patch Tuesday updates, Microsoft released formal security updates for ‘CVE-2020-0674 | Scripting Engine Memory Corruption Vulnerability’, allowing customers to patch the vulnerability without having to deal with the downsides stemming from the previously recommended mitigations.

It is not known at this time if today’s security updates addressing this IE flaw will continue to cause issues with printing, so be on the lookout for those issues.
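To tell whether a host still carries the jscript.dll permission change described above (the change that broke printing), an administrator can inspect the file's ACL. The PowerShell below is an added example, not code from Microsoft or from the original article; the function name is hypothetical, and it assumes the workaround shows up as an explicit Deny entry on the standard System32 and SysWOW64 copies of the file, which a stock install is assumed not to have.

```powershell
# Added example: report whether jscript.dll still carries a restrictive ACL.
# Assumptions: the workaround appears as an explicit (non-inherited) Deny
# entry, and a stock install has no Deny entries on this file.
function Test-JScriptAclWorkaround {
    [CmdletBinding()]
    param(
        # Standard 64-bit and 32-bit locations; override to audit other copies.
        [string[]]$Path = @(
            (Join-Path $env:windir 'System32\jscript.dll'),
            (Join-Path $env:windir 'SysWOW64\jscript.dll')
        )
    )

    foreach ($file in $Path) {
        $result = [ordered]@{ Path = $file; State = 'NotPresent'; Detail = '' }

        if (Test-Path -LiteralPath $file) {
            try {
                $acl = Get-Acl -LiteralPath $file -ErrorAction Stop

                # Keep only Deny entries that were set directly on the file.
                $deny = @($acl.Access | Where-Object {
                    $_.AccessControlType -eq 'Deny' -and -not $_.IsInherited
                })

                if ($deny.Count -gt 0) {
                    $result.State  = 'Restricted'
                    $result.Detail = ($deny | ForEach-Object {
                        '{0}: {1}' -f $_.IdentityReference, $_.FileSystemRights
                    }) -join '; '
                }
                else {
                    $result.State = 'Default'
                }
            }
            catch {
                # An ACL that cannot be read is worth a manual look as well.
                $result.State  = 'AclUnreadable'
                $result.Detail = $_.Exception.Message
            }
        }

        [pscustomobject]$result
    }
}

Test-JScriptAclWorkaround | Format-Table -AutoSize -Wrap
```

Run it from an elevated 64-bit PowerShell session so that both paths resolve to the files they name; a `Restricted` or `AclUnreadable` row on a host with printing problems points at the earlier workaround rather than at the update.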

Links to the articles detailing the changes and the Microsoft Update Catalog download pages for each security update are available below.