iTnews

Patch out for exploited Internet Explorer zero-day

By Juha Saarinen, iTnews on Sep 24, 2019 1:08PM
Patch out for exploited Internet Explorer zero-day

Windows Defender gets out of band update too.

Windows users are advised to apply two out of band updates released by Microsoft today, with one of the flaws being exploited in the wild by unnamed attackers.

The first patch addresses a critical memory corruption zero-day vulnerability in the Windows Javascript scripting engine.

Since the scripting engine doesn't handle objects in memory in Internet Explorer properly, an attacker could exploit the vulnerability to run arbitrary code with the rights of the logged in user, Microsoft said in its CVE-2019-1367 security advisory.

The vulnerability affects websites that use jscript.dll as the scripting engine. 

Microsoft said that Internet Explorer versions 9, 10 and 11 use JScript9.dll by default which isn't affected by the vulnerability.

Although details of the vulnerability have not been publicly disclosed, Microsoft warned that the flaw is being exploited on both the latest and older software releases.

Microsoft did not provide further details on the attacks, or how many users it believes are affected by the bug.

Command line workarounds are available to restrict access to the JScript dynamic link library, but Microsoft warned that they could reduce functionality for components or features that rely on the file.

Issuing the following commands within an Administrator prompt on 32-bit Windows:

takeown /f %windir%\system32\jscript.dll

cacls %windir%\system32\jscript.dll /E /P everyone:N

and on 64-bit Windows:

takeown /f %windir%\syswow64\jscript.dll

cacls %windir%\syswow64\jscript.dll /E /P everyone:N

takeown /f %windir%\system32\jscript.dll

cacls %windir%\system32\jscript.dll /E /P everyone:N

If the workaround is in place, it must be undone before today's update for the vulnerability is applied, Microsoft said.

With Administrator provileges, the below command removes the workaround on 32-bit systems:

cacls %windir%\system32\jscript.dll /E /R everyone

On 64-bit systems:

cacls %windir%\system32\jscript.dll /E /R everyone

cacls %windir%\syswow64\jscript.dll /E /R everyone

Microsoft's Windows Defender will be automatically updated to handle a denial of service vulnerability that could be exploited to stop users from running legitimate system binaries.

Unlike the scripting engine flaw, the Defender vulnerability has not been detected to be exploited in the wild, Microsoft said.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
defender google internet explorer microsoft security windows

Partner Content

MSI shows first laptops with Wi-Fi 6E, Nvidia RTX 30 graphics
Partner Content MSI shows first laptops with Wi-Fi 6E, Nvidia RTX 30 graphics
MSI launches innovative new laptops
Partner Content MSI launches innovative new laptops
Improving returns from SD-WAN spending
Sponsored Content Improving returns from SD-WAN spending
NCS expands into Australia in partnership with Optus Enterprise
Sponsored Content NCS expands into Australia in partnership with Optus Enterprise

Sponsored Whitepapers

The risky business of open source
The risky business of open source
Mitigating open source risk in your organisation
Mitigating open source risk in your organisation
How to choose a WAF that's right for you
How to choose a WAF that's right for you
The global telco 5G cloud gaming opportunity
The global telco 5G cloud gaming opportunity
Building a ransomware remediation backup strategy
Building a ransomware remediation backup strategy

Events

  • On-Demand Webinar: How Poly and Microsoft are Embracing Future Work Environments
By Juha Saarinen, iTnews
Sep 24 2019
1:08PM
0 Comments

Related Articles

  • Windows Defender update takes out Citrix
  • Windows Defender chokes on two-dot file names
  • Microsoft patches exploited Windows zero-days
  • Patch Wednesday plugs actively exploited IE zero-day
Share on Twitter Share on Facebook Share on LinkedIn Share on Whatsapp Email A Friend

Most Read Articles

Telstra pilots its first neurodiversity recruitment program

Telstra pilots its first neurodiversity recruitment program

Accellion hack behind Reserve Bank of NZ data breach

Accellion hack behind Reserve Bank of NZ data breach

Google unravels state-of-art Android and Windows exploit chains

Google unravels state-of-art Android and Windows exploit chains

Signal to ramp up hiring after WhatsApp controversy drives download surge

Signal to ramp up hiring after WhatsApp controversy drives download surge

You must be a registered member of iTnews to post a comment.
Log In | Register
All rights reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorisation.
Your use of this website constitutes acceptance of nextmedia's Privacy Policy and Terms & Conditions.