January 24, 2020, Kathmandu
Although Microsoft has launched the new Microsoft Edge browser as a replacement to its highly criticized Internet Explorer, the problems with the IE browser still roam on the internet.
Microsoft released an emergency advisory notice that warns the users of Windows OS about the new zero-day vulnerability of the browser. According to the company, potential hackers are attacking computers through CVE-2020-0674 vulnerability. No patch has been released by Microsoft till now, and users are requested to handle the browser with care.
With moderate vulnerability ratings, the CVE-2020-0674 is a remote code execution interrupt that is prevalent in the way the scripting machine handles objects in memory of the IE browser. Microsoft claims that the affected browsers include- IE 9,10 and 11 currently operating on Windows 10, 8.1 and the Windows 7 OS that met its end of support recently.
According to the advisory released by Microsoft, the exploitation of the issue can be manually blocked by preventing the loading of the JScrpit.dll library that triggers the issue.
Run the following commands on your Windows System:
For 32-bit systems:
takeown / f% windir% \ system32 \ jscript.dll
cacls% windir% \ system32 \ jscript.dll / E / P everyone: N
For 64-bit systems:
takeown / f% windir% \ syswow64 \ jscript.dll
cacls% windir% \ syswow64 \ jscript.dll / E / P everyone: N
takeown / f% windir% \ system32 \ jscript.dll
cacls% windir% \ system32 \ jscript.dll / E / P everyone: N
Once the company releases a patch update, you’ll need to undo the block by using the following commands:
For 32-bit systems:
cacls %windir%\system32\jscript.dll /E /R everyones
cacls %windir%\system32\jscript.dll /E /R everyone
cacls %windir%\syswow64\jscript.dll /E /R everyone