Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

Unofficial Patch Released for Recently Disclosed Internet Explorer Zero-Day

ACROS Security’s 0patch service on Tuesday released an unofficial fix for CVE-2020-0674, a recently disclosed vulnerability in Internet Explorer that has been exploited in targeted attacks.

ACROS Security’s 0patch service on Tuesday released an unofficial fix for CVE-2020-0674, a recently disclosed vulnerability in Internet Explorer that has been exploited in targeted attacks.

Microsoft informed customers last Friday that Internet Explorer is affected by a zero-day vulnerability. The flaw has been described as a memory corruption issue that can be exploited for remote code execution by getting the targeted user to visit a specially crafted website with an affected version of the browser.

The flaw affects the scripting engine in Internet Explorer, specifically a library named jscript.dll, which ensures compatibility with a deprecated version of the JScript scripting language. Internet Explorer 9, 10 and 11 are impacted.

Microsoft has credited Google’s Threat Analysis Group and Chinese cybersecurity firm Qihoo 360 for reporting the vulnerability. Qihoo 360 has revealed that the flaw has been exploited in targeted attacks by a threat group known as DarkHotel, which some researchers have linked to South Korea.

Microsoft has suggested that it might only fix CVE-2020-0674 with its February 2020 Patch Tuesday updates and in the meantime the company has shared a workaround that involves restricting access to jscript.dll. Users will need to revert this workaround before installing any future updates.

The company has pointed out that all supported versions of IE use Jscrip9.dll by default, which is not affected by the vulnerability. However, the flaw impacts certain websites that rely on jscript as the scripting engine.

As promised when the existence of the vulnerability was disclosed, 0patch has released an unofficial fix for CVE-2020-0674. The company claims its patch implements the workaround recommended by Microsoft, but without having a negative impact on functionality.

Applying the workaround as described by Microsoft breaks web applications that use jscript.dll and only run in Internet Explorer. There have been some reports that the workaround also causes issues for Windows Media Player when playing MP4 files, the “Microsoft Print to PDF” feature, the System File Checker (SFC) tool on Windows 7, and proxy auto-configuration (PAC) scripts.

Advertisement. Scroll to continue reading.

0patch says its micropatch protects a system against potential attacks, but it should not cause the problems reported by users who manually applied Microsoft’s workaround. The unofficial patch is available for the 32-bit and 64-bit versions of Windows 7, 10, Server 2008 and Server 2019.

ACROS Security CEO Mitja Kolsek told SecurityWeek that the micropatch for CVE-2020-0674 is available to users of 0patch FREE, but the free version of the tool can only be used in non-commercial environments. Organizations interested in obtaining the patch will need to acquire a 0patch PRO license.

0patch has made available technical details on how it developed its micropatch and posted a video showing it in action.

Related: 0patch Promises Support for Windows 7 Beyond January 2020

Related: Unofficial Patches Released for Three Unfixed Windows Flaws

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Vulnerabilities

Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Vulnerabilities

A researcher at IOActive discovered that home security systems from SimpliSafe are plagued by a vulnerability that allows tech savvy burglars to remotely disable...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Cybercrime

Patch Tuesday: Microsoft calls attention to a series of zero-day remote code execution attacks hitting its Office productivity suite.