Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

Unofficial Patch Released for Recently Disclosed Internet Explorer Zero-Day

ACROS Security’s 0patch service on Tuesday released an unofficial fix for CVE-2020-0674, a recently disclosed vulnerability in Internet Explorer that has been exploited in targeted attacks.

ACROS Security’s 0patch service on Tuesday released an unofficial fix for CVE-2020-0674, a recently disclosed vulnerability in Internet Explorer that has been exploited in targeted attacks.

Microsoft informed customers last Friday that Internet Explorer is affected by a zero-day vulnerability. The flaw has been described as a memory corruption issue that can be exploited for remote code execution by getting the targeted user to visit a specially crafted website with an affected version of the browser.

The flaw affects the scripting engine in Internet Explorer, specifically a library named jscript.dll, which ensures compatibility with a deprecated version of the JScript scripting language. Internet Explorer 9, 10 and 11 are impacted.

Microsoft has credited Google’s Threat Analysis Group and Chinese cybersecurity firm Qihoo 360 for reporting the vulnerability. Qihoo 360 has revealed that the flaw has been exploited in targeted attacks by a threat group known as DarkHotel, which some researchers have linked to South Korea.

Microsoft has suggested that it might only fix CVE-2020-0674 with its February 2020 Patch Tuesday updates and in the meantime the company has shared a workaround that involves restricting access to jscript.dll. Users will need to revert this workaround before installing any future updates.

The company has pointed out that all supported versions of IE use Jscrip9.dll by default, which is not affected by the vulnerability. However, the flaw impacts certain websites that rely on jscript as the scripting engine.

As promised when the existence of the vulnerability was disclosed, 0patch has released an unofficial fix for CVE-2020-0674. The company claims its patch implements the workaround recommended by Microsoft, but without having a negative impact on functionality.

Applying the workaround as described by Microsoft breaks web applications that use jscript.dll and only run in Internet Explorer. There have been some reports that the workaround also causes issues for Windows Media Player when playing MP4 files, the “Microsoft Print to PDF” feature, the System File Checker (SFC) tool on Windows 7, and proxy auto-configuration (PAC) scripts.

Advertisement. Scroll to continue reading.

0patch says its micropatch protects a system against potential attacks, but it should not cause the problems reported by users who manually applied Microsoft’s workaround. The unofficial patch is available for the 32-bit and 64-bit versions of Windows 7, 10, Server 2008 and Server 2019.

ACROS Security CEO Mitja Kolsek told SecurityWeek that the micropatch for CVE-2020-0674 is available to users of 0patch FREE, but the free version of the tool can only be used in non-commercial environments. Organizations interested in obtaining the patch will need to acquire a 0patch PRO license.

0patch has made available technical details on how it developed its micropatch and posted a video showing it in action.

Related: 0patch Promises Support for Windows 7 Beyond January 2020

Related: Unofficial Patches Released for Three Unfixed Windows Flaws

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.

Register

Learn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.

Register

People on the Move

David Currie, former CISO of Nubank and Klarna, has been appointed CEO of Vaultree.

Chris Burger has been named Chief Information Security Officer at F5.

Bedrock Security has appointed George Gerchow as Chief Security Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.