Call us today on: +44 (0)203 88 020 88
SecureTeamSecureTeamSecureTeamSecureTeam
  • Home
  • Our Services
    • Infrastructure Testing
      • Internal Network Penetration Test
      • External Network Penetration Test
      • Vulnerability Assessment
    • Web Application Penetration Test
    • Configuration Review
      • Windows Build Review
    • Information Assurance
      • ISO 27001 Gap Analysis
    • Cyber Essentials Certification
  • News
  • Articles
  • About
    • About SecureTeam
    • Cookie Policy
    • Privacy Notice
    • Website Terms & Conditions
    • White-Label Consultancy
    • Jobs
  • Contact Us

News

Home  >  News  >  Vulnerabilities  >  Internet Explorer zero-day RCE attack
NextPrevious

Internet Explorer zero-day RCE attack

News, Vulnerabilities | 23 January, 2020 | 0

Microsoft has released details of a zero-day remote code execution vulnerability which is being actively exploited to attack Windows computers. It affects all versions of Internet Explorer running on Windows 7, 8.1 and 10.

The problems lies in one of the two javascript engines available within IE.  Since a webpage can request IE to use a specific javascript engine, a malicious site is able to force the exploit either through an element on a trusted page such as an Advert or by tricking the user to visit a specially crafted webpage.  The issue is tracked as CVE-2020-0674 and is a flaw in the way objects in memory are handled.  By exploiting the vulnerability, an attacker is able to execute arbitrary code on the machine.

Until Microsoft issues a patch (and possibly forever for the 1 in 4 desktop machines that now run the unsupported Windows 7 Operating System) you can manually disable the javascript engine which has the vulnerability. Since the flawed library is not the default javascript engine, it is unlikely that many legitimate sites will be insisting in using the legacy javascript library.  Full instructions for disabling the vulnerable library are provided in the Microsoft security advisory.

 

 

Subscribe to our monthly cybersecurity newsletter
Stay up-to-date with the very latest cybersecurity news & technical articles delivered straight to your inbox
We hate spam as much as you do. We will never give your email address out to any third-party.
microsoft, patching, web browsers

Related Post

  • Critical Domain Controller Flaw Requires Urgent Patching

    By Mark Faithfull

    A critical vulnerability in Microsoft Netlogon was patched in the August patch cycle – but was so dangerous that details were not made public until September when (hopefully) many systems would have been patched.  IfRead more

  • September patch Tuesday fixes 23 Critical Microsoft Vulnerabilities

    By Mark Faithfull

    The September 2020 patch Tuesday contain fixes for 23 Critical vulnerabilities in Microsoft products and 129 fixes in total – including a Microsoft Exchange vulnerability that can allow remote code execution simply by sending aRead more

  • Microsoft Patches two zero-day Exploits

    By Mark Faithfull

    Microsoft’s August patch-Tuesday bundle fixes 120 vulnerabilities including two under active exploitation- one of them over two years old. Weighing in at 120 fixes, the August 2020 Patch Tuesday is the third largest ever releasedRead more

  • Critical Microsoft DNS RCE Vulnerability

    By Mark Faithfull

    Microsoft has released a patch to resolve a critical remote code execution vulnerability that has lived in the DNS server code for 17 years. A blog post from the Microsoft Security Response Centre states: Today weRead more

  • Record breaking June Patch Tuesday

    By Mark Faithfull

    In June 2020 Microsoft’s Patch Tuesday fixes a record 129 defects and vulnerabilities in its software – with a further 19 patches in the June Microsoft Office patch bundle. This continues a recent trend ofRead more

NextPrevious

Recent Posts

  • Ransomware claims drop dramatically after mandatory scans
  • Critical Domain Controller Flaw Requires Urgent Patching
  • How Return-Oriented Programming exploits work
  • NCSC Publishes Vulnerability Disclosure Toolkit
  • September patch Tuesday fixes 23 Critical Microsoft Vulnerabilities

Tags

Android blockchain Bluetooth Chrome Cisco credential stuffing cyber crime cyber essentials cyber security cyber security news Data Protection DNS Ethereum Exchange Server exim fileless formjacking GDPR Intel IoT Linux MacOS Meltdown microsoft patching penetration testing phishing ransomware RDP Row Hammer security breach Security operations security testing SIEM Spectre supply chain attacks Sysinternals Tomcat TPM UK Law VNC vulnerability management web applications web browsers wireless

Archives

  • September 2020
  • August 2020
  • July 2020
  • June 2020
  • April 2020
  • March 2020
  • February 2020
  • January 2020
  • December 2019
  • November 2019
  • October 2019
  • September 2019
  • August 2019
  • July 2019
  • June 2019
  • May 2019
  • April 2019
  • March 2019
  • February 2019
  • January 2019
  • December 2018
  • November 2018
  • July 2018
  • June 2018
  • April 2018
  • January 2018
  • October 2017
BCS Cyber Essentials Cyber Essentials Cyber Essentials PLUS ISO 9001 ISO 27001
information. secured.
  • Home
  • Our Services
    • Infrastructure Testing
      • Internal Network Penetration Test
      • External Network Penetration Test
      • Vulnerability Assessment
    • Web Application Penetration Test
    • Configuration Review
      • Windows Build Review
    • Information Assurance
      • ISO 27001 Gap Analysis
    • Cyber Essentials Certification
  • News
  • Articles
  • About
    • About SecureTeam
    • Cookie Policy
    • Privacy Notice
    • Website Terms & Conditions
    • White-Label Consultancy
    • Jobs
  • Contact Us
SecureTeam
SecureTeam use cookies on this website to ensure that we give you the best experience possible. If you continue to use our site we will assume that you are happy with cookies being used.OkRead more