Zero-Day IE Bug is Being Exploited in the Wild

Both Microsoft and the US government are warning computer users of a critical remote code execution (RCE) vulnerability in Internet Explorer, which is currently being exploited in the wild.

The zero-day bug, CVE-2020-0674, exists in the way the scripting engine handles objects in memory in IE, according to a Microsoft advisory updated over the weekend.

Attackers could send phishing emails to victims, tricking them into visiting a specially crafted website designed to exploit the flaw through IE, Redmond claimed.

“The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user,” it continued.

“If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

The vulnerability affects IE versions 9, 10 and 11 running on all Windows desktop and server versions, including the no-longer supported Windows 7 and Server 2008.

Despite admitting that the flaw is being exploited in “limited targeted attacks,” Microsoft has yet to release an emergency patch. Instead, it detailed a set of temporary mitigations which revolve around restricting access to the JavaScript component JScript.dll.

Carl Wearn, head of e-crime at Mimecast, advised organizations to enforce the use of alternative browsers until the issue is fixed.

“In addition to the threat from this zero-day vulnerability, I would also be wary of using IE at present due to the current resurgence in the use of exploit kits specifically designed to exploit IE vulnerabilities,” he added.

“Ransomware threat actors in particular are currently utilizing exploit kits such as Fallout and Spelevo. While posing no threat to other browsers these exploit kits will likely compromise any Windows machine utilizing Internet Explorer if it visits a compromised website.”

IE versions still have a combined global market share of over 5%, according to the latest figures from December 2019.

What’s Hot on Infosecurity Magazine?