Microsoft Warns Of Unpatched IE Browser Zero-Day That’s Under Active Attacks

Microsoft Warns of Unpatched IE Browser Zero-Day That's Under Active Attacks

January 24, 2020, Kathmandu

Although Microsoft has launched the new Microsoft Edge browser as a replacement to its highly criticized Internet Explorer, the problems with the IE browser still roam on the internet.

Microsoft released an emergency advisory notice that warns the users of Windows OS about the new zero-day vulnerability of the browser. According to the company, potential hackers are attacking computers through CVE-2020-0674 vulnerability. No patch has been released by Microsoft till now, and users are requested to handle the browser with care.

With moderate vulnerability ratings, the CVE-2020-0674 is a remote code execution interrupt that is prevalent in the way the scripting machine handles objects in memory of the IE browser. Microsoft claims that the affected browsers include- IE 9,10 and 11 currently operating on Windows 10, 8.1 and the Windows 7 OS that met its end of support recently.

According to the advisory released by Microsoft, the exploitation of the issue can be manually blocked by preventing the loading of the JScrpit.dll library that triggers the issue.

Run the following commands on your Windows System:

For 32-bit systems:

takeown / f% windir% \ system32 \ jscript.dll

cacls% windir% \ system32 \ jscript.dll / E / P everyone: N

For 64-bit systems:

takeown / f% windir% \ syswow64 \ jscript.dll

cacls% windir% \ syswow64 \ jscript.dll / E / P everyone: N

takeown / f% windir% \ system32 \ jscript.dll

cacls% windir% \ system32 \ jscript.dll / E / P everyone: N

Once the company releases a patch update, you’ll need to undo the block by using the following commands:

For 32-bit systems:

cacls %windir%\system32\jscript.dll /E /R everyones

cacls %windir%\system32\jscript.dll /E /R everyone

cacls %windir%\syswow64\jscript.dll /E /R everyone

LEAVE A REPLY

Please enter your comment!
Please enter your name here