HEAD OF COMMUNICATION AND PR

A new malicious code is wreaking havoc in corporate IT networks by exploiting a 0-day vulnerability in Internet Explorer.

Even if this browser is not the default one used by endpoints within your organization, you still have reason to be concerned. The malicious code gets into your systems through email and has the potential to corrupt the internal memory and afterward execute arbitrary code.

Here is everything you need to know about the way in which this 0-day vulnerability in Internet Explorer gets abused and how to protect your organization.

The 0-Day Vulnerability Gets Exploited Through Malicious Email Links

According to our intel, this malicious code has been abused in targeted attacks delivered through spear phishing. The 0-day vulnerability in Internet Explorer can be activated by attackers either via a drive-by attack or through a malicious link sent to the target through email.

The vulnerability has been assigned CVE ID: CVE2020-0674 and has been the topic of an official warning from Microsoft. This is a vulnerability that can be abused to corrupt memory via jscript and thereby execute arbitrary code on vulnerable systems.

According to Microsoft, the remote code execution vulnerability could allow attackers to handle objects in memory in Internet Explorer through the scripting engine. Once an attacker obtains access to an endpoint in this manner, they could then gain the same user rights as the current user of that endpoint, and execute arbitrary code remotely.

Heimdal Official Logo

System admins waste 30% of their time manually managing user rights or installations.

Thor AdminPrivilege™

is the automatic Privileged Access Management (PAM) solution
which frees up huge chunks of sys-admin time.
  • Automate the elevation of admin rights on request;
  • Approve or reject escalations with one click;
  • Provide a full audit trail into user behavior;
  • Automatically de-escalate on infection;
Try it for FREE today Offer valid only for companies.

This is even more dangerous if your organization does not practice Privileged Access Management (PAM), since by compromising a user with admin rights could help an attacker obtain access to your entire IT infrastructure through this 0-day vulnerability. According to Microsoft’s warning, “An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

How to Stay Safe from this 0-Day Exploit

Don’t allow yourself to get breached by proactively addressing this issue before the 0-day vulnerability in Internet Explorer can be leveraged against you.

Currently, the only known workaround is to restrict access to jscript.dll in IE9-11 via “takeown”. For a 32bit operating system it will look like this:

takeown /f %windir%\system32\jscript.dll cacls %windir%\system32\jscript.dll /E /P everyone:N

Be warned that this quick fix has been causing some functionality issues for some users, like problems with printing.

Heimdal Official Logo

Antivirus is no longer enough to keep an organization’s systems secure.

Thor Foresight Enterprise

Is our next gen proactive shield that stops unknown threats
before they reach your system.
  • Machine learning powered scans for all incoming online traffic;
  • Stops data breaches before sensitive info can be exposed to the outside;
  • Automatic patches for your software and apps with no interruptions;
  • Protection against data leakage, APTs, ransomware and exploits;
Try it for FREE today Offer valid only for companies.

We have seen several malicious domains that are exploiting this vulnerability and we are blocking them all. So if you are using our DNS traffic filtering solution, Thor Foresight Enterprise, you are safe from harm and don’t need to do anything more to secure your organization further against this zero-day exploit.

Stay safe.

 

Comments

I have Thor vigilance installed and I see that Heimdal is no longer starting up when I reboot my system. I had to shut it down awhile back to reinstall NordVPN and I wonder if that could be related? On another machine I had to uninstall Heimdal completely after windows 1903 updates due to computer running uselessly slow – one keystroke took 30 seconds to register! It seems to be okay now with both the VPN and Heimdal since update 1909, but still hesitates and gets behind when I’m typing in gmail. Any thoughts?

Hi Jerry, It sounds like it might be an installation issue. Please send an email to my colleagues at support@heimdalsecurity.com and they will assist you right away. Thanks!

Leave a Reply

Your email address will not be published. Required fields are marked *

GO TO TOP