A new remote code execution flaw affects the Microsoft browser
Cybersecurity experts from the International Institute of Cyber Security report that Microsoft has just launched an urgent security update to correct critical zero-day vulnerability in the Internet Explorer browser. According to reports, there is evidence that some malicious hackers have been exploiting this vulnerability in the wild against some Windows operating system computers.
Tracked as CVE-2018-8653, this is remote code execution vulnerability in the Internet Explorer scripting engine. This flaw was discovered by the cybersecurity expert Clement Lecigne of Google’s Threat Analysis Group.
According to the security report, unspecified memory corruption vulnerability resides in the JScript component of the Microsoft Internet Explorer scripting engine that handles scripting language execution. If successfully exploited, the vulnerability could allow an attacker to execute arbitrary code in the context of the regular user.
“If the current user is logged in with administrative user rights, an attacker who exploited this vulnerability could take control of the compromised system. The malicious actor could install software, view, modify or delete user data, or even create new accounts,” the security report mentions.
In addition, a remote attacker might try to convince the victim to view a specially crafted HTML document, an Office document, a PDF file, or any other document that opens the embedded content of the Internet Explorer scripting engine.
Neither Google or Microsoft have mentioned more details about this critical error, information about proof of concept, or details about an active campaign of cyberattacks exploiting this vulnerability.
Because this vulnerability has already been exploited in the wild, cybersecurity experts have recommended that Microsoft users install the company’s latest updates as soon as possible. On the other hand, users who have not yet upgraded their systems could mitigate the risks by restricting access to the jScript.dll file by executing the corresponding command for each operating system:
· For 64 bits systems:
cacls %windir%\syswow64\jscript.dll /E /P everyone:N
· For 32 bits systems:
cacls %windir%\system32\jscript.dll /E /P everyone:N
It should be noted that the previous command will force the Web browser to use jscript9.dll, but any website that is based on Jscript.dll cannot be processed.