SECURITY ALERT: 0-Day Vulnerability in Internet Explorer Is Abused in Targeted Attacks

A new malicious code is wreaking havoc in corporate IT networks by exploiting a 0-day vulnerability in Internet Explorer.

Even if this browser is not the default one used by endpoints within your organization, you still have reason to be concerned. The malicious code gets into your systems through email and has the potential to corrupt the internal memory and afterward execute arbitrary code.

Here is everything you need to know about the way in which this 0-day vulnerability in Internet Explorer gets abused and how to protect your organization.

The 0-Day Vulnerability Gets Exploited Through Malicious Email Links

According to our intel, this malicious code has been abused in targeted attacks delivered through spear phishing. The 0-day vulnerability in Internet Explorer can be activated by attackers either via a drive-by attack or through a malicious link sent to the target through email.

The vulnerability has been assigned CVE ID: CVE2020-0674 and has been the topic of an official warning from Microsoft. This is a vulnerability that can be abused to corrupt memory via jscript and thereby execute arbitrary code on vulnerable systems.

According to Microsoft, the remote code execution vulnerability could allow attackers to handle objects in memory in Internet Explorer through the scripting engine. Once an attacker obtains access to an endpoint in this manner, they could then gain the same user rights as the current user of that endpoint, and execute arbitrary code remotely.

System admins waste 30% of their time manually managing user rights or installations

Heimdal® Privileged Access Management

Is the automatic PAM solution that makes everything easier.

• Automate the elevation of admin rights on request;
• Approve or reject escalations with one click;
• Provide a full audit trail into user behavior;
• Automatically de-escalate on infection;

Try it for FREE today 30-day Free Trial. Offer valid only for companies.

This is even more dangerous if your organization does not practice Privileged Access Management (PAM), since by compromising a user with admin rights could help an attacker obtain access to your entire IT infrastructure through this 0-day vulnerability. According to Microsoft’s warning, “An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

How to Stay Safe from this 0-Day Exploit

Don’t allow yourself to get breached by proactively addressing this issue before the 0-day vulnerability in Internet Explorer can be leveraged against you.

Currently, the only known workaround is to restrict access to jscript.dll in IE9-11 via “takeown”. For a 32bit operating system it will look like this:

takeown /f %windir%\system32\jscript.dll cacls %windir%\system32\jscript.dll /E /P everyone:N

Be warned that this quick fix has been causing some functionality issues for some users, like problems with printing.

Antivirus is no longer enough to keep an organization’s systems secure.

Heimdal® Threat Prevention - Endpoint

Is our next gen proactive DNS-Layer security that stops unknown threats before they reach your system.

• Machine learning powered scans for all incoming online traffic;
• Stops data breaches before sensitive info can be exposed to the outside;
• Advanced DNS, HTTP and HTTPS filtering for all your endpoints;
• Protection against data leakage, APTs, ransomware and exploits;

Try it for FREE today 30-day Free Trial. Offer valid only for companies.

We have seen several malicious domains that are exploiting this vulnerability and we are blocking them all. So if you are using our DNS traffic filtering solution, Heimdal™ Threat Prevention, you are safe from harm and don’t need to do anything more to secure your organization further against this zero-day exploit.

Stay safe.