Author Topic: Microsoft Security Advisory for Remote Code Execution Vulnerability in IE  (Read 814 times)

0 Members and 1 Guest are viewing this topic.

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 19971
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Microsoft released Security Advisory ADV200001 for a remote code execution vulnerability with limited active attacks in Internet Explorer.  The issue is described as the way that the scripting engine handles objects in memory in Internet Explorer. As described in the advisory:

Quote
The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

In the event you use Internet Explorer, it is strongly advised that you follow the instructions at the bottom of the Advisory to restrict access to JScript.dll as a workaround.

Security Advisory ADV200001


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline Pierre75

  • Sr. Member
  • ****
  • Posts: 423
    • View Profile
On Windows 7 Home Premium x64: Please note that 'SFC /scannow' will not run clean unless the Advisory is removed.
IF IT AIN'T BROKE -  DON'T FIX IT

Offline Pierre75

  • Sr. Member
  • ****
  • Posts: 423
    • View Profile

Quote:

Microsoft released Security Advisory ADV200001 for a remote code execution vulnerability with limited active attacks in Internet Explorer.  The issue is described as the way that the scripting engine handles objects in memory in Internet Explorer.

Unquote:

Sorry can't remember how to quote. My question is: Before installation of January updates I removed the advisory and then installed updates on 3 PCs running Windows 7 Home Premium x64. Do I now install the advisory again or not bother?

 
IF IT AIN'T BROKE -  DON'T FIX IT

Offline plodr

  • LzD Friends
  • Hero Member
  • *****
  • Posts: 1246
    • View Profile
If you use IE, then install the workaround again. But look at this comment in the advisory
Quote
By default, IE11, IE10, and IE9 uses Jscript9.dll which is not impacted by this vulnerability. This vulnerability only affects certain websites that utilize jscript as the scripting engine.

I'd say it is easier to switch to a different browser which has been patched.

I have not done the workaround to our 4 Windows 7 computers. We don't use IE and it appears it only affects some websites.

Aside from breaking sfc, the workaround breaks a few other things. I've been searching for the article but so far haven't found it.
Found it
https://blog.0patch.com/2020/01/micropatching-workaround-for-cve-2020.html
Quote
There also several other negative side effects:

    Windows Media Player is reported to break on playing MP4 files.
    The sfc (Resource Checker), a tool that scans the integrity of all protected system files and replaces incorrect versions with correct Microsoft versions, chokes on jscript.dll with altered permissions.
    Printing to "Microsoft Print to PDF" is reported to break.
    Proxy automatic configuration scripts (PAC scripts) may not work.

Offline Pierre75

  • Sr. Member
  • ****
  • Posts: 423
    • View Profile
Thank you @plodr. I will check this out. I do not use IE except for the odd occasion (3 PCs). Mainly use Firefox with a few extensions. Also run Beta and Dev M$ Chrome browser at times just to see how it protects a test Laptop.
 
Opinion on 0Patch would be appreciated by anyone - thanks.
IF IT AIN'T BROKE -  DON'T FIX IT

Offline pastywhitegurl

  • Hero Member
  • *****
  • Posts: 1075
  • advanced techno feeb
    • View Profile
I turned IE off.   It is uninstalled, but apparently the files remain so that it can be turned on again.

https://www.windowscentral.com/how-remove-internet-explorer-11-windows-10

Is it still vulnerable in this state?

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 19971
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Yes, it is still vulnerable.  However, considering all of the browsers you have installed, there is absolutely no reason for you to launch IE.  From your specs list:

Quote
FireFox latest
Edge Latest
IE (turned off)
Chrome Latest
Opera Latest
Pale Moon latest

I doubt if I used IE half a dozen times on Windows 7 and know for certain that I haven't used it on Windows 10, which I have been using since the first Windows Insider Build on October 1, 2014.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Offline winchester73

  • Half a bubble off plumb
  • Administrator
  • Hero Member
  • *****
  • Posts: 7274
  • Liverpool FC - YNWA
    • View Profile
I turned IE off.   It is uninstalled, but apparently the files remain so that it can be turned on again.

https://www.windowscentral.com/how-remove-internet-explorer-11-windows-10

Is it still vulnerable in this state?

The file itself is still vulnerable, but since you have turned IE off and don’t use it to surf the web it can’t be exploited.

You can find something else to worry about  8)
Speak softly, but carry a big Winchester ... Winchester Arms Collectors Association member

Offline pastywhitegurl

  • Hero Member
  • *****
  • Posts: 1075
  • advanced techno feeb
    • View Profile
Quote from: winchester
The file itself is still vulnerable, but since you have turned IE off and don’t use it to surf the web it can’t be exploited.

That was exactly my question---could it be exploited if I was not using it.  It seems not. Thanks!

*goes off to worry about something else....*

Offline Pierre75

  • Sr. Member
  • ****
  • Posts: 423
    • View Profile

Quote
The file itself is still vulnerable, but since you have turned IE off and don’t use it to surf the web it can’t be exploited.

Thanks for the replies. I have disabled IE11 on my 3 PCs running W7.

Sincere regards, Peter.


IF IT AIN'T BROKE - DON'T FIX IT!!!
IF IT AIN'T BROKE -  DON'T FIX IT