A new malicious code is wreaking havoc in corporate IT networks by exploiting a 0-day vulnerability in Internet Explorer.
Even if this browser is not the default one used by endpoints within your organization, you still have reason to be concerned. The malicious code gets into your systems through email and has the potential to corrupt the internal memory and afterward execute arbitrary code.
Here is everything you need to know about the way in which this 0-day vulnerability in Internet Explorer gets abused and how to protect your organization.
The 0-Day Vulnerability Gets Exploited Through Malicious Email Links
According to our intel, this malicious code has been abused in targeted attacks delivered through spear phishing. The 0-day vulnerability in Internet Explorer can be activated by attackers either via a drive-by attack or through a malicious link sent to the target through email.
The vulnerability has been assigned CVE ID: CVE2020-0674 and has been the topic of an official warning from Microsoft. This is a vulnerability that can be abused to corrupt memory via jscript and thereby execute arbitrary code on vulnerable systems.
According to Microsoft, the remote code execution vulnerability could allow attackers to handle objects in memory in Internet Explorer through the scripting engine. Once an attacker obtains access to an endpoint in this manner, they could then gain the same user rights as the current user of that endpoint, and execute arbitrary code remotely.
This is even more dangerous if your organization does not practice Privileged Access Management (PAM), since by compromising a user with admin rights could help an attacker obtain access to your entire IT infrastructure through this 0-day vulnerability. According to Microsoft’s warning, “An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
How to Stay Safe from this 0-Day Exploit
Don’t allow yourself to get breached by proactively addressing this issue before the 0-day vulnerability in Internet Explorer can be leveraged against you.
Currently, the only known workaround is to restrict access to jscript.dll in IE9-11 via “takeown”. For a 32bit operating system it will look like this:
takeown /f %windir%\system32\jscript.dll cacls %windir%\system32\jscript.dll /E /P everyone:N
We have seen several malicious domains that are exploiting this vulnerability and we are blocking them all. So if you are using our DNS traffic filtering solution, Thor Foresight Enterprise, you are safe from harm and don’t need to do anything more to secure your organization further against this zero day exploit.
Stay safe.
If you liked this post, you will enjoy our newsletter.
Receive new articles directly in your inbox
The post SECURITY ALERT: 0-Day Vulnerability in Internet Explorer Is Abused in Targeted Attacks appeared first on Heimdal Security Blog.