Call us today on: +44 (0)203 88 020 88
SecureTeamSecureTeamSecureTeamSecureTeam
  • Home
  • Our Services
    • Infrastructure Testing
      • Internal Network Penetration Test
      • External Network Penetration Test
      • Vulnerability Assessment
    • Web Application Penetration Test
    • Configuration Review
      • Windows Build Review
    • Information Assurance
      • ISO 27001 Gap Analysis
    • Cyber Essentials Certification
  • News
  • Articles
  • About
    • About SecureTeam
    • Cookie Policy
    • Privacy Notice
    • Website Terms & Conditions
    • White-Label Consultancy
    • Jobs
  • Contact Us

News

Home  >  News  >  Vulnerabilities  >  Internet Explorer zero-day RCE attack
NextPrevious

Internet Explorer zero-day RCE attack

News, Vulnerabilities | 23 January, 2020 | 0

Microsoft has released details of a zero-day remote code execution vulnerability which is being actively exploited to attack Windows computers. It affects all versions of Internet Explorer running on Windows 7, 8.1 and 10.

The problems lies in one of the two javascript engines available within IE.  Since a webpage can request IE to use a specific javascript engine, a malicious site is able to force the exploit either through an element on a trusted page such as an Advert or by tricking the user to visit a specially crafted webpage.  The issue is tracked as CVE-2020-0674 and is a flaw in the way objects in memory are handled.  By exploiting the vulnerability, an attacker is able to execute arbitrary code on the machine.

Until Microsoft issues a patch (and possibly forever for the 1 in 4 desktop machines that now run the unsupported Windows 7 Operating System) you can manually disable the javascript engine which has the vulnerability. Since the flawed library is not the default javascript engine, it is unlikely that many legitimate sites will be insisting in using the legacy javascript library.  Full instructions for disabling the vulnerable library are provided in the Microsoft security advisory.

 

 

Subscribe to our monthly cybersecurity newsletter
Stay up-to-date with the very latest cybersecurity news & technical articles delivered straight to your inbox
We hate spam as much as you do. We will never give your email address out to any third-party.
microsoft, patching, web browsers

Related Post

  • Windows zero day RCE vulnerabilities under attack

    By Mark Faithfull

    Microsoft warns that attackers are targeting two zero-day remote code execution vulnerabilities that exist in all versions of Windows – and a fix is not expected until the April patch Tuesday. The vulnerabilities exist inRead more

  • Microsoft patches critical SMB flaw

    By Mark Faithfull

    Microsoft has released a patch to fix a remote code execution flaw in the SMB protocol affecting Windows 10 PC and their servers.  SMB is used by Active Directory, for network file sharing and someRead more

  • Final Windows 7 Patches and critical security bug fixed

    By Mark Faithfull

    The last ever Windows 7 Patch Tuesday update also includes a fix to a long standing bug in the Windows cryptographic library (CryptoAPI) which could allow attackers to spoof digital certificates and conduct man-in-the-middle attacks.Read more

  • Windows 7 and Server 2008 support ends January

    By Mark Faithfull

    There are just two patch Tuesdays left until Windows 7 and Windows Server 2008 reach their end of support cut off in January 2020. Organisations that are unable (or unwilling) to make the leap toRead more

  • Bluekeep exploits seen in the wild

    By Mark Faithfull

    Bluekeep is serious vulnerability in the RDP protocol affecting Windows systems.  After months of waiting, active exploits have now been spotted in the wild for the first time, attempting to install cryptomining malware on theRead more

NextPrevious

Recent Posts

  • SecureTeam achieve ISO 9001 & 27001 accreditation
  • Ransomware trends 2020
  • Windows zero day RCE vulnerabilities under attack
  • Amnesty warns of 2FA weaknesses
  • Microsoft patches critical SMB flaw

Tags

Android blockchain Bluetooth Chrome Cisco credential stuffing cyber crime cyber essentials cyber security cyber security news Data Protection DNS Ethereum Exchange Server exim fileless formjacking GDPR Intel IoT Linux MacOS Meltdown microsoft patching penetration testing phishing ransomware RDP Row Hammer security breach Security operations security testing SIEM Spectre supply chain attacks Sysinternals Tomcat TPM UK Law VNC vulnerability management web applications web browsers wireless

Archives

  • March 2020
  • February 2020
  • January 2020
  • December 2019
  • November 2019
  • October 2019
  • September 2019
  • August 2019
  • July 2019
  • June 2019
  • May 2019
  • April 2019
  • March 2019
  • February 2019
  • January 2019
  • December 2018
  • November 2018
  • July 2018
  • June 2018
  • April 2018
  • January 2018
  • October 2017
BCS Cyber Essentials Cyber Essentials Cyber Essentials PLUS
information. secured.
  • Home
  • Our Services
    • Infrastructure Testing
      • Internal Network Penetration Test
      • External Network Penetration Test
      • Vulnerability Assessment
    • Web Application Penetration Test
    • Configuration Review
      • Windows Build Review
    • Information Assurance
      • ISO 27001 Gap Analysis
    • Cyber Essentials Certification
  • News
  • Articles
  • About
    • About SecureTeam
    • Cookie Policy
    • Privacy Notice
    • Website Terms & Conditions
    • White-Label Consultancy
    • Jobs
  • Contact Us
SecureTeam
SecureTeam use cookies on this website to ensure that we give you the best experience possible. If you continue to use our site we will assume that you are happy with cookies being used.OkRead more