Microsoft released security updates to patch an actively exploited zero-day remote code execution (RCE) vulnerability impacting multiple versions of Internet Explorer.
In the middle of January 2020, Microsoft released an advisory about an Internet Explorer zero-day vulnerability (CVE-2020-0674) that was publicly disclosed and being actively exploited by attackers.
The flaw, reported by Clément Lecigne of Google’s Threat Analysis Group and Ella Yu from Qihoo 360, "could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user" according to Microsoft.
If the user is logged on with administrative permissions on a compromised device, attackers could take full control of the system allowing for program installation and data manipulation, or the possibility to create accounts with full user rights.
Mitigation issues
A security fix was not available at the time and Microsoft only released mitigation measures that removed permission to jscript.dll so that the security vulnerability could not be exploited by attackers on unpatched systems.
However, the mitigations provided by Microsoft were breaking printing due to printer drivers and software utilizing the now nerfed jscript.dll.
For users who needed to print and still have their systems protected, 0Patch released a micropatch that resolved the CVE-2020-0674 vulnerability without the printing issues.
With the February Patch Tuesday updates, Microsoft released formal security updates for the 'CVE-2020-0674 | Scripting Engine Memory Corruption Vulnerability' allowing customers to patch the vulnerability without having to deal with the downsides stemming from the previously recommended mitigations.
It is not known at this time if today's security updates addressing this IE flaw will continue to cause issues with printing, so be on the lookout for those issues.
Links to the articles detailing the changes and the Microsoft Update Catalog download pages for each security update are available below.
| Product | Platform | Article | Download |
| Internet Explorer 10 | Windows Server 2012 | 4537814 | Monthly Rollup |
| 4537767 | IE Cumulative | ||
| Internet Explorer 11 | Windows 10 Version 1803 for 32-bit Systems | 4537762 | Security Update |
| Internet Explorer 11 | Windows 10 Version 1803 for x64-based Systems | 4537762 | Security Update |
| Internet Explorer 11 | Windows 10 Version 1803 for ARM64-based Systems | 4537762 | Security Update |
| Internet Explorer 11 | Windows 10 Version 1809 for 32-bit Systems | 4532691 | Security Update |
| Internet Explorer 11 | Windows 10 Version 1809 for x64-based Systems | 4532691 | Security Update |
| Internet Explorer 11 | Windows 10 Version 1809 for ARM64-based Systems | 4532691 | Security Update |
| Internet Explorer 11 | Windows Server 2019 | 4532691 | Security Update |
| Internet Explorer 11 | Windows 10 Version 1909 for 32-bit Systems | 4532693 | Security Update |
| Internet Explorer 11 | Windows 10 Version 1909 for x64-based Systems | 4532693 | Security Update |
| Internet Explorer 11 | Windows 10 Version 1909 for ARM64-based Systems | 4532693 | Security Update |
| Internet Explorer 11 | Windows 10 Version 1709 for 32-bit Systems | 4537789 | Security Update |
| Internet Explorer 11 | Windows 10 Version 1709 for x64-based Systems | 4537789 | Security Update |
| Internet Explorer 11 | Windows 10 Version 1709 for ARM64-based Systems | 4537789 | Security Update |
| Internet Explorer 11 | Windows 10 Version 1903 for 32-bit Systems | 4532693 | Security Update |
| Internet Explorer 11 | Windows 10 Version 1903 for x64-based Systems | 4532693 | Security Update |
| Internet Explorer 11 | Windows 10 Version 1903 for ARM64-based Systems | 4532693 | Security Update |
| Internet Explorer 11 | Windows 10 for 32-bit Systems | 4537776 | Security Update |
| Internet Explorer 11 | Windows 10 for x64-based Systems | 4537776 | Security Update |
| Internet Explorer 11 | Windows 10 Version 1607 for 32-bit Systems | 4537764 | Security Update |
| Internet Explorer 11 | Windows 10 Version 1607 for x64-based Systems | 4537764 | Security Update |
| Internet Explorer 11 | Windows Server 2016 | 4537764 | Security Update |
| Internet Explorer 11 | Windows 7 for 32-bit Systems Service Pack 1 | 4537820 | Monthly Rollup |
| 4537767 | IE Cumulative | ||
| Internet Explorer 11 | Windows 7 for x64-based Systems Service Pack 1 | 4537820 | Monthly Rollup |
| 4537767 | IE Cumulative | ||
| Internet Explorer 11 | Windows 8.1 for 32-bit systems | 4537821 | Monthly Rollup |
| 4537767 | IE Cumulative | ||
| Internet Explorer 11 | Windows 8.1 for x64-based systems | 4537821 | Monthly Rollup |
| 4537767 | IE Cumulative | ||
| Internet Explorer 11 | Windows RT 8.1 | 4537821 | Monthly Rollup |
| Internet Explorer 11 | Windows Server 2008 R2 for x64-based Systems Service Pack 1 | 4537820 | Monthly Rollup |
| 4537767 | IE Cumulative | ||
| Internet Explorer 11 | Windows Server 2012 | 4537814 | Monthly Rollup |
| 4537767 | IE Cumulative | ||
| Internet Explorer 11 | Windows Server 2012 R2 | 4537821 | Monthly Rollup |
| 4537767 | IE Cumulative | ||
| Internet Explorer 9 | Windows Server 2008 for x64-based Systems Service Pack 2 | 4537810 | Monthly Rollup |
| 4537767 | IE Cumulative | ||
| Internet Explorer 9 | Windows Server 2008 for 32-bit Systems Service Pack 2 | 4537810 | Monthly Rollup |
| 4537767 | IE Cumulative |
Post a Comment Community Rules
You need to login in order to post a comment
Not a member yet? Register Now