Microsoft’s bequest browser, Internet Explorer, may compel you to reboot your PC soon.

The remote code execution IE Zero-day vulnerability in Internet explorer scripting engine allows threat actors to execute arbitrary code in the context of the user.

Manipulators who successfully exploited the IE Zero-day vulnerability could leverage security privileges of the logged in user & execute malevolent code to corrupt system memory. In other words, if you are logged on with administrative user rights, this vulnerability could be exploited to take full control of an affected system. Threat actors can leverage this opportunity to:

1. Deploy malicious code on user’s system.
2. Install malicious programs.
3. View, change, or delete data
4. Create new accounts with full user rights

This Zero-day vulnerability is tracked as CVE-2018-8653 & can further be exploited in the following ways:

1. In Web-based scenarios, attackers could host especially crafted malicious sites designed to exploit vulnerability via Internet Explorer. Innocent users can then be lured to visit the contagious sites via ads or booby trapped emails. The embedded malefic script in the corrupt site in turn may infect user‘s system.
2. Threat actors can also make hay of the Applications that embed the IE scripting engine to render web based content to vitiate user system. Examples of such apps include – applications that are part of the Office suite.

Microsoft’s out-of-band security update to cope with Internet Explorer RCE (Remote Code Execution) Zero-Day

Microsoft recently released an out-of-band security update, to fix Internet Explorer RCE Zero-Day vulnerability that has been wildly abused.

The security update addresses the vulnerability by modifying how Internet explorer scripting engine handles objects in memory. Users who have the Windows Update enabled & have applied the latest security updates are protected automatically against RCE zero day vulnerability.

For Instance:

1. KB4483235 is now available for users on Windows 10 October 2018 Update, or version 1809
2. KB4483234 is delivered for users on Windows 10 April 2018 Update, or version 1803
3. KB4483232 is available for version 1709
4. Version 1703 gets KB4483230
5. Microsoft is delivering KB4483229 for users on Windows Server 2016 & version 1607
6. Version 1507 is receiving KB4483228.

These updates can be manually downloaded from Microsoft Update Catalog Website.

Mitigating Internet Explorer RCE Zero-Day vulnerability without installing the updates

The attacker will get code execution rights under the same privileges the victim has. If the victim is using an account with limited access, the damage can be contained to simple operations, albeit this might be enough to plant malware on a victim’s computer.

Removing privileges to the jscript.dll file for the Everyone group by executing the following commands on command prompt window will mitigate Internet Explorer RCE Zero-Day vulnerability without having to install the updates.

Enter the following command at an administrative command prompt to limit access to JScript.dll

For 32- Bit system the command is:

Icacls %windir%\system32\jscript.dll /E /P everyone:N

For 64-bit system the command is:

cacls %windir%\syswow64\jscript.dll /E /P everyone:N

To undo the workaround follow these commands:

For 32- Bit system the command is:

cacls %windir%\system32\jscript.dll /E /R everyone

For 64-bit system the command is:

cacls %windir%\syswow64\jscript.dll /E /R everyone

Users however are recommended to install latest Windows updates to keep PC risk free.

Hits: 127