
Remediate Windows Vulnerability CVE-2020-0674

Rhett Glauser
 | Jan 20, 2020
 | Vulcan Cyber VP marketing

Alert: There is a new zero-day RCE in Windows Internet Explorer, CVE-2020-0674, and no patch is available yet. In addition, as of now (1/20/20) VA tools cannot scan for this vulnerability. It is highly dangerous and is reported to have been exploited in the wild, so security teams must act fast.

According to Microsoft, in a web-based attack scenario an attacker could host a specially crafted website designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website, for example by sending an email.

How to Remediate

While no patch is currently available to remediate this vulnerability, Microsoft has released a security advisory containing a workaround that can mitigate the threat until a patch becomes available:

Restrict access to JScript.dll 

For 32-bit systems, enter the following commands at an administrative command prompt:

takeown /f %windir%\system32\jscript.dll

cacls %windir%\system32\jscript.dll /E /P everyone:N

For 64-bit systems, enter the following commands at an administrative command prompt:

takeown /f %windir%\syswow64\jscript.dll

cacls %windir%\syswow64\jscript.dll /E /P everyone:N

takeown /f %windir%\system32\jscript.dll

cacls %windir%\system32\jscript.dll /E /P everyone:N

Undoing the workaround (if necessary):

For 32-bit systems, enter the following command at an administrative command prompt:

cacls %windir%\system32\jscript.dll /E /R everyone

For 64-bit systems, enter the following commands at an administrative command prompt:

cacls %windir%\system32\jscript.dll /E /R everyone

cacls %windir%\syswow64\jscript.dll /E /R everyone

Vulcan’s Remediation Playbook for CVE-2020-0674

To mitigate multiple assets at once, we’ve written a PowerShell script that runs the mitigating control on the target system. The script determines whether the operating system is 64-bit or 32-bit and applies the mitigation accordingly.

Download the script here

To mitigate, run the following script: 

PS C:\> ./CVE2020-mitigation.ps1

To undo:

PS C:\> ./CVE2020-mitigation.ps1 -undo $True

Deployment Recommendation: 

You can deploy the PowerShell mitigation with tools such as SCCM, Intune and others, or by running it as a logon script.
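
Because VA tools cannot yet scan for this issue, it helps to confirm on each asset that the workaround actually took effect. The script below is an added example, not Vulcan's CVE2020-mitigation.ps1 and not Microsoft's code: it audits (and optionally applies or undoes) the restriction on every copy of jscript.dll, including when it is launched from a 32-bit PowerShell host on 64-bit Windows. The -Mode parameter and the function names are hypothetical; it assumes PowerShell 3.0 or later, an elevated session, and that the workaround shows up as an explicit Deny entry for Everyone.

```powershell
# Added example; not Vulcan's CVE2020-mitigation.ps1. Run elevated.
param([ValidateSet('Audit', 'Apply', 'Undo')] [string]$Mode = 'Audit')

# Every copy of jscript.dll named in the workaround for this OS.
function Get-JScriptPath {
    if (-not [Environment]::Is64BitOperatingSystem) {
        return @(Join-Path $env:windir 'System32\jscript.dll')
    }
    # A 32-bit PowerShell host on 64-bit Windows has System32 redirected to
    # SysWOW64; the Sysnative alias reaches the real 64-bit directory.
    $native = if ([Environment]::Is64BitProcess) { 'System32' } else { 'Sysnative' }
    @((Join-Path $env:windir "$native\jscript.dll"),
      (Join-Path $env:windir 'SysWOW64\jscript.dll'))
}

# Assumption: the workaround appears as an explicit Deny entry for Everyone.
# Matching SID S-1-1-0 avoids relying on the localized group name.
function Get-JScriptState([string]$Path) {
    try {
        $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
    } catch [System.UnauthorizedAccessException] {
        # Non-owners can be refused the ACL read itself once the deny is set.
        return 'AclUnreadable'
    }
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $deny = $acl.GetAccessRules($true, $false, $sidType) | Where-Object {
        $_.IdentityReference.Value -eq 'S-1-1-0' -and
        $_.AccessControlType -eq 'Deny'
    }
    if ($deny) { 'Restricted' } else { 'NotRestricted' }
}

foreach ($path in Get-JScriptPath) {
    if (-not (Test-Path -LiteralPath $path)) { continue }
    switch ($Mode) {
        'Apply' {   # the same two commands as the manual workaround
            takeown.exe /f $path | Out-Null
            cacls.exe $path /E /P 'everyone:N' | Out-Null
        }
        'Undo' { cacls.exe $path /E /R everyone | Out-Null }
    }
    [pscustomobject]@{ Path = $path; State = Get-JScriptState $path }
}
```

An AclUnreadable result is consistent with the restriction being in place but does not confirm it; re-check that asset from the account that owns the file.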

Impact of Workaround 

Implementing these steps might result in reduced functionality for components or features that rely on jscript.dll. To be fully protected, Microsoft recommends the update be installed as soon as possible. Please revert the mitigation steps before installing the update to return to a full state. 

By default, IE11, IE10, and IE9 use Jscript9.dll, which is not impacted by this vulnerability. This vulnerability only affects certain websites that utilize jscript as the scripting engine.

Alternative Unofficial Workaround: 

Block the use of Internet Explorer and Edge via GPO, or deny connections with Windows Defender Firewall.


About the Author

Rhett Glauser

Rhett has been running corporate marketing and demand generation functions in the enterprise infrastructure and security markets for a really long time. Prior to Vulcan Cyber Rhett spent more than two decades with SaltStack, ServiceNow, Symantec and Altiris.
