Microsoft Security Advisory for Remote Code Execution Vulnerability in IE

Corrine · January 17, 2020, 11:00:25 PM

Microsoft released Security Advisory ADV200001 for a remote code execution vulnerability with limited active attacks in Internet Explorer. The issue is described as the way that the scripting engine handles objects in memory in Internet Explorer. As described in the advisory:

QuoteThe vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

In the event you use Internet Explorer, it is strongly advised that you follow the instructions at the bottom of the Advisory to restrict access to JScript.dll as a workaround.

Security Advisory ADV200001

Pierre75 · January 21, 2020, 09:06:01 AM

On Windows 7 Home Premium x64: Please note that 'SFC /scannow' will not run clean unless the Advisory is removed.

Pierre75 · January 26, 2020, 03:06:34 AM

Quote:

Microsoft released Security Advisory ADV200001 for a remote code execution vulnerability with limited active attacks in Internet Explorer. The issue is described as the way that the scripting engine handles objects in memory in Internet Explorer.

Unquote:

Sorry can't remember how to quote. My question is: Before installation of January updates I removed the advisory and then installed updates on 3 PCs running Windows 7 Home Premium x64. Do I now install the advisory again or not bother?

plodr · January 26, 2020, 02:28:04 PM

If you use IE, then install the workaround again. But look at this comment in the advisory

QuoteBy default, IE11, IE10, and IE9 uses Jscript9.dll which is not impacted by this vulnerability. This vulnerability only affects certain websites that utilize jscript as the scripting engine.

I'd say it is easier to switch to a different browser which has been patched.

I have not done the workaround to our 4 Windows 7 computers. We don't use IE and it appears it only affects some websites.

Aside from breaking sfc, the workaround breaks a few other things. I've been searching for the article but so far haven't found it.
Found it
https://blog.0patch.com/2020/01/micropatching-workaround-for-cve-2020.html

QuoteThere also several other negative side effects:

Windows Media Player is reported to break on playing MP4 files.
The sfc (Resource Checker), a tool that scans the integrity of all protected system files and replaces incorrect versions with correct Microsoft versions, chokes on jscript.dll with altered permissions.
Printing to "Microsoft Print to PDF" is reported to break.
Proxy automatic configuration scripts (PAC scripts) may not work.

Pierre75 · January 27, 2020, 04:43:11 AM

Thank you @plodr. I will check this out. I do not use IE except for the odd occasion (3 PCs). Mainly use Firefox with a few extensions. Also run Beta and Dev M$ Chrome browser at times just to see how it protects a test Laptop.

Opinion on 0Patch would be appreciated by anyone - thanks.

pastywhitegurl · January 27, 2020, 04:47:58 PM

I turned IE off. It is uninstalled, but apparently the files remain so that it can be turned on again.

https://www.windowscentral.com/how-remove-internet-explorer-11-windows-10

Is it still vulnerable in this state?

Corrine · January 27, 2020, 07:50:50 PM

Yes, it is still vulnerable. However, considering all of the browsers you have installed, there is absolutely no reason for you to launch IE. From your specs list:

QuoteFireFox latest
Edge Latest
IE (turned off)
Chrome Latest
Opera Latest
Pale Moon latest

I doubt if I used IE half a dozen times on Windows 7 and know for certain that I haven't used it on Windows 10, which I have been using since the first Windows Insider Build on October 1, 2014.

winchester73 · January 27, 2020, 10:51:34 PM

Quote from: pastywhitegurl on January 27, 2020, 04:47:58 PM
I turned IE off. It is uninstalled, but apparently the files remain so that it can be turned on again.

https://www.windowscentral.com/how-remove-internet-explorer-11-windows-10

Is it still vulnerable in this state?

The file itself is still vulnerable, but since you have turned IE off and don't use it to surf the web it can't be exploited.

You can find something else to worry about 8)

pastywhitegurl · January 28, 2020, 03:01:35 AM

Quote from: winchesterThe file itself is still vulnerable, but since you have turned IE off and don't use it to surf the web it can't be exploited.

That was exactly my question---could it be exploited if I was not using it. It seems not. Thanks!

*goes off to worry about something else....*

Pierre75 · January 28, 2020, 04:54:59 AM

QuoteThe file itself is still vulnerable, but since you have turned IE off and don't use it to surf the web it can't be exploited.

Thanks for the replies. I have disabled IE11 on my 3 PCs running W7.

Sincere regards, Peter.

IF IT AIN'T BROKE - DON'T FIX IT!!!