Microsoft releases emergency patch for Internet Explorer zero-day

by Ugnius Kiguolis - -

The zero-day vulnerability was discovered by Google researchers

Internet Explorer zero-day patch

On December 19th, Microsoft released an emergency patch which fixes the vulnerability in Internet Explorer web browser. Allegedly, the hackers are already actively employing the flaw to hack into Windows computers all around the world.

The zero-day, tracked as CVE-2018-8653, was discovered and reported by Google's security researcher Clement Lecigne. The vulnerability is a remote code execution (RCE) bug that was found within Explorer's scripting engine.

According to the advisory[1] that detailed the vulnerability, the flaw in JScript component would allow the hacker to execute malicious code directly into the victim's system.

Microsoft patched the flaw immediately and urged all users to update their operating systems as soon as possible in order to avoid a possible hack. Microsoft said:[2]

Today, we released a security update for Internet Explorer after receiving a report from Google about a new vulnerability being used in targeted attacks.

Customers who have Windows Update enabled and have applied the latest security updates, are protected automatically. We encourage customers to turn on automatic updates.

Microsoft would like to thank Google for their assistance. More information about this security update can be found on the Security Update Guide

The zero-day allows hackers to gain user-level privileges on the computer

According to Microsoft, the bad actor can use several old tricks in order to exploit the zero-day flaw:

  • Lure users into malicious website where the malicious code is run on their computer automatically;
  • Send phishing emails with malicious attachments that can execute the code.

And it does not matter where the user gets the infected file from – the machine will be infected immediately. The hacker can then install new programs, change, delete, add new files, and take over the infected computer completely.

Fortunately, the hacker does not receive elevated rights by using this vulnerability, as long as the victim is logged in with his or her user account. In such a case, the attacker can only execute basic functions on the hijacked machine, although that is enough for successful malware installation.

However, there is a catch. If the system was not patched previously, the hacked could abuse the previous vulnerabilities CVE-2018-8611,[3] CVE-2018-8589, CVE-2018-8453 and CVE-2018-8440 to gain admin privileges. 

The zero-day vulnerability can be exploited on Windows server 2012 (IE 10), Windows 10 (IE 11), Windows 7 (IE 11), Windows 8.1 (IE 11), Windows RT 8.1 (IE 11), Windows Server 2008 R2 (IE 11) and Windows Server 2008 (IE 9).

Immediately patch your system or set automatic updates

While there ways to prevent the vulnerability from working by forbidding the jscript.dll access via the Command Prompt, experts recommend patching their systems immediately. By default, Windows automatic updates are turned on but if by some reason it is switched off, follow these steps:

  1. Type in “Windows Update Settings” into Cortana's search box and hit Enter;
  2. Select “Advanced options”;
  3. Under “Choose how updates are installed” pick “Automatic (recommended)”

Unfortunately, not all the users and even businesses manage to patch their software on time. For example, a threat from 2017 – WannaCry – is still very much prevalent today,[4] and is still using EternalBlue[5] exploit, which was patched back in March 2017.

This shows how vital updates are – so do not wait until ransomware or other threat hits your computer.

About the author

Ugnius Kiguolis
Ugnius Kiguolis - The mastermind

Ugnius Kiguolis is a professional malware analyst who is also the founder and the owner of 2-Spyware. At the moment, he takes over as Editor-in-chief.

Contact Ugnius Kiguolis
About the company Esolutions

References