Unofficial Patch Released for Recently Disclosed Internet Explorer Zero-Day
ACROS Security’s 0patch service on Tuesday released an unofficial fix for CVE-2020-0674, a recently disclosed vulnerability in Internet Explorer that has been exploited in targeted attacks.
Microsoft informed customers last Friday that Internet Explorer is affected by a zero-day vulnerability. The flaw has been described as a memory corruption issue that can be exploited for remote code execution by getting the targeted user to visit a specially crafted website with an affected version of the browser.
The flaw affects the scripting engine in Internet Explorer, specifically a library named jscript.dll, which ensures compatibility with a deprecated version of the JScript scripting language. Internet Explorer 9, 10 and 11 are impacted.
Microsoft has credited Google’s Threat Analysis Group and Chinese cybersecurity firm Qihoo 360 for reporting the vulnerability. Qihoo 360 has revealed that the flaw has been exploited in targeted attacks by a threat group known as DarkHotel, which some researchers have linked to South Korea.
Microsoft has suggested that it might only fix CVE-2020-0674 with its February 2020 Patch Tuesday updates and in the meantime the company has shared a workaround that involves restricting access to jscript.dll. Users will need to revert this workaround before installing any future updates.
The company has pointed out that all supported versions of IE use Jscrip9.dll by default, which is not affected by the vulnerability. However, the flaw impacts certain websites that rely on jscript as the scripting engine.
As promised when the existence of the vulnerability was disclosed, 0patch has released an unofficial fix for CVE-2020-0674. The company claims its patch implements the workaround recommended by Microsoft, but without having a negative impact on functionality.
Applying the workaround as described by Microsoft breaks web applications that use jscript.dll and only run in Internet Explorer. There have been some reports that the workaround also causes issues for Windows Media Player when playing MP4 files, the “Microsoft Print to PDF” feature, the System File Checker (SFC) tool on Windows 7, and proxy auto-configuration (PAC) scripts.
0patch says its micropatch protects a system against potential attacks, but it should not cause the problems reported by users who manually applied Microsoft’s workaround. The unofficial patch is available for the 32-bit and 64-bit versions of Windows 7, 10, Server 2008 and Server 2019.
ACROS Security CEO Mitja Kolsek told SecurityWeek that the micropatch for CVE-2020-0674 is available to users of 0patch FREE, but the free version of the tool can only be used in non-commercial environments. Organizations interested in obtaining the patch will need to acquire a 0patch PRO license.
0patch has made available technical details on how it developed its micropatch and posted a video showing it in action.