ACROS Security’s 0patch service on Tuesday released an unofficial fix for CVE-2020-0674, a recently disclosed vulnerability in Internet Explorer that has been exploited in targeted attacks.
Microsoft informed customers last Friday that Internet Explorer is affected by a zero-day vulnerability. The flaw has been described as a memory corruption issue that can be exploited for remote code execution by getting the targeted user to visit a specially crafted website with an affected version of the browser.
The flaw affects the scripting engine in Internet Explorer, specifically a library named jscript.dll, which ensures compatibility with a deprecated version of the JScript scripting language. Internet Explorer 9, 10 and 11 are impacted.
Microsoft has credited Google’s Threat Analysis Group and Chinese cybersecurity firm Qihoo 360 for reporting the vulnerability. Qihoo 360 has revealed that the flaw has been exploited in targeted attacks by a threat group known as DarkHotel, which some researchers have linked to South Korea.
Microsoft has suggested that it might only fix CVE-2020-0674 with its February 2020 Patch Tuesday updates. In the meantime, the company has shared a workaround that involves restricting access to jscript.dll. Users will need to revert this workaround before installing any future updates.
The company has pointed out that all supported versions of IE use jscript9.dll by default, which is not affected by the vulnerability. However, the flaw impacts certain websites that rely on jscript as the scripting engine.
As promised when the existence of the vulnerability was disclosed, 0patch has released an unofficial fix for CVE-2020-0674. The company claims its patch implements the workaround recommended by Microsoft, but without having a negative impact on functionality.
Applying the workaround as described by Microsoft breaks web applications that use jscript.dll and only run in Internet Explorer. There have been some reports that the workaround also causes issues for Windows Media Player when playing MP4 files, the “Microsoft Print to PDF” feature, the System File Checker (SFC) tool on Windows 7, and proxy auto-configuration (PAC) scripts.
0patch says its micropatch protects a system against potential attacks, but it should not cause the problems reported by users who manually applied Microsoft’s workaround. The unofficial patch is available for the 32-bit and 64-bit versions of Windows 7, 10, Server 2008 and Server 2019.
ACROS Security CEO Mitja Kolsek told SecurityWeek that the micropatch for CVE-2020-0674 is available to users of 0patch FREE, but the free version of the tool can only be used in non-commercial environments. Organizations interested in obtaining the patch will need to acquire a 0patch PRO license.
0patch has made available technical details on how it developed its micropatch and posted a video showing it in action.

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
