SecurityWeek

Unofficial Patch Released for Recently Disclosed Internet Explorer Zero-Day

ACROS Security’s 0patch service on Tuesday released an unofficial fix for CVE-2020-0674, a recently disclosed vulnerability in Internet Explorer that has been exploited in targeted attacks.

Microsoft informed customers last Friday that Internet Explorer is affected by a zero-day vulnerability. The flaw has been described as a memory corruption issue that can be exploited for remote code execution by getting the targeted user to visit a specially crafted website with an affected version of the browser.

The flaw affects the scripting engine in Internet Explorer, specifically a library named jscript.dll, which ensures compatibility with a deprecated version of the JScript scripting language. Internet Explorer 9, 10 and 11 are impacted.

Microsoft has credited Google’s Threat Analysis Group and Chinese cybersecurity firm Qihoo 360 for reporting the vulnerability. Qihoo 360 has revealed that the flaw has been exploited in targeted attacks by a threat group known as DarkHotel, which some researchers have linked to South Korea.

Microsoft has suggested that it might only fix CVE-2020-0674 with its February 2020 Patch Tuesday updates and in the meantime the company has shared a workaround that involves restricting access to jscript.dll. Users will need to revert this workaround before installing any future updates.

The company has pointed out that all supported versions of IE use jscript9.dll by default, which is not affected by the vulnerability. However, the flaw impacts certain websites that rely on jscript.dll as the scripting engine.

As promised when the existence of the vulnerability was disclosed, 0patch has released an unofficial fix for CVE-2020-0674. The company claims its patch implements the workaround recommended by Microsoft, but without having a negative impact on functionality.

Applying the workaround as described by Microsoft breaks web applications that use jscript.dll and only run in Internet Explorer. There have been some reports that the workaround also causes issues for Windows Media Player when playing MP4 files, the “Microsoft Print to PDF” feature, the System File Checker (SFC) tool on Windows 7, and proxy auto-configuration (PAC) scripts.

0patch says its micropatch protects a system against potential attacks, but it should not cause the problems reported by users who manually applied Microsoft’s workaround. The unofficial patch is available for the 32-bit and 64-bit versions of Windows 7, 10, Server 2008 and Server 2019.

ACROS Security CEO Mitja Kolsek told SecurityWeek that the micropatch for CVE-2020-0674 is available to users of 0patch FREE, but the free version of the tool can only be used in non-commercial environments. Organizations interested in obtaining the patch will need to acquire a 0patch PRO license.

0patch has made available technical details on how it developed its micropatch and posted a video showing it in action.


Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
