The team at Microsoft has released a security advisory that details a remote code execution vulnerability (RCE) in Internet Explorer. The bug exists in the way that the scripting engine in jscript.dll handles objects in memory in Internet Explorer. If executed correctly, the attacker could have access to run code with the same privileges as the current user, simply by tricking the user to visit the attacker’s malicious website using Internet Explorer. If the current user of the targeted device has administrative rights, then the attacker would be granted the same rights which could lead to a total system takeover. This could allow the attacker to install malicious programs, tamper with data, and create additional user accounts with full user rights.
Analyst Notes
Microsoft has acknowledged that this vulnerability is being exploited in the wild, which makes it a higher priority for administrators to address. Although no permanent fix has been developed, the Microsoft advisory contains a workaround to disable the use of jscript.dll. If this workaround is implemented, the functionality of certain components that rely on jscript.dll may be reduced. A better approach is to use Microsoft Edge or a different browser in place of Internet Explorer until a patch for this vulnerability is created by Microsoft, and to not use administrator accounts to browse the web from a server, except for trusted sites. More information on the workaround can be found here: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200001
