Zero-Day IE Bug is Being Exploited in the Wild



Zero-Day IE Bug is Being Exploited in the Wild (Jan 21, 2020)

The US Government and Microsoft have issued warnings regarding a remote code execution (RCE) vulnerability in Internet Explorer (IE) that is currently being exploited by threat actors. The zero-day is tracked as “CVE-2020-0674”, and the exploit lets threat actors execute code on the user’s system by corrupting memory. The exploit could give threat actors the same rights as the legitimate user, which in turn could result in malicious programs being deployed or personal files being deleted, encrypted or exfiltrated. CVE-2020-0674 affects IE versions 9, 10 and 11 on Windows systems.

Recommendation: The security update should be applied as soon as possible because of the high criticality rating of this vulnerability and the potential for an actor to take control of an affected system. Additionally, your company should have policies in place to review and apply security updates for software in use to protect against known vulnerabilities that threat actors may exploit. At the time of writing, Microsoft has not released a patch for this vulnerability and has disclosed provisional solutions that restrict access to the JavaScript component JScript.dll; see “https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV200001”.
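
One way to audit whether access to JScript.dll has actually been restricted on a host, as an added example that is not part of the original briefing or Microsoft's advisory. It assumes the restriction is implemented as a Deny entry for Everyone on the file's ACL; the function name `Test-JScriptRestricted` and the status strings are hypothetical.

```powershell
# Added example: report whether each copy of jscript.dll carries a Deny ACE
# for Everyone that blocks read/execute.
# Assumption: the restriction was applied as a Deny entry for Everyone
# (SID S-1-1-0). Adjust $everyoneSid / $needed if your change differs.
# Run from a 64-bit, elevated PowerShell so System32 is not redirected.
$everyoneSid = 'S-1-1-0'
$needed      = [System.Security.AccessControl.FileSystemRights]::ReadAndExecute

# SysWOW64 holds the 32-bit copy and exists only on 64-bit Windows.
$paths = @(
    (Join-Path $env:windir 'System32\jscript.dll'),
    (Join-Path $env:windir 'SysWOW64\jscript.dll')
)

function Test-JScriptRestricted {
    param([Parameter(Mandatory)][string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) { return 'NotPresent' }
    try {
        $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
    } catch {
        # A non-owner cannot read the ACL once Everyone is denied.
        return 'AclUnreadable'
    }
    # Ask for SIDs rather than account names so the match is locale-independent.
    $rules = $acl.GetAccessRules($true, $true,
        [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        $deniesNeeded = ($rule.FileSystemRights -band $needed) -eq $needed
        if ($rule.IdentityReference.Value -eq $everyoneSid -and
            $rule.AccessControlType -eq 'Deny' -and $deniesNeeded) {
            return 'Restricted'
        }
    }
    return 'NotRestricted'
}

foreach ($p in $paths) {
    [pscustomobject]@{
        Host   = $env:COMPUTERNAME
        Path   = $p
        Status = Test-JScriptRestricted -Path $p
    }
}
```

A `NotRestricted` result on either path means that copy of the engine is still loadable; an `AclUnreadable` result should be rechecked from an elevated session.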

Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.