Call us today on: +44 (0)203 88 020 88
SecureTeamSecureTeamSecureTeamSecureTeam
  • Home
  • Our Services
    • Infrastructure Testing
      • Internal Network Penetration Test
      • External Network Penetration Test
      • Vulnerability Assessment
    • Web Application Penetration Test
    • Configuration Review
      • Windows Build Review
    • Information Assurance
      • ISO 27001 Gap Analysis
    • Cyber Essentials Certification
  • News
  • Articles
  • About
    • About SecureTeam
    • Cookie Policy
    • Privacy Notice
    • Website Terms & Conditions
    • White-Label Consultancy
    • Jobs
  • Contact Us

News

Home  >  News  >  Vulnerabilities  >  Internet Explorer zero-day RCE attack
NextPrevious

Internet Explorer zero-day RCE attack

News, Vulnerabilities | 23 January, 2020 | 0

Microsoft has released details of a zero-day remote code execution vulnerability which is being actively exploited to attack Windows computers. It affects all versions of Internet Explorer running on Windows 7, 8.1 and 10.

The problems lies in one of the two javascript engines available within IE.  Since a webpage can request IE to use a specific javascript engine, a malicious site is able to force the exploit either through an element on a trusted page such as an Advert or by tricking the user to visit a specially crafted webpage.  The issue is tracked as CVE-2020-0674 and is a flaw in the way objects in memory are handled.  By exploiting the vulnerability, an attacker is able to execute arbitrary code on the machine.

Until Microsoft issues a patch (and possibly forever for the 1 in 4 desktop machines that now run the unsupported Windows 7 Operating System) you can manually disable the javascript engine which has the vulnerability. Since the flawed library is not the default javascript engine, it is unlikely that many legitimate sites will be insisting in using the legacy javascript library.  Full instructions for disabling the vulnerable library are provided in the Microsoft security advisory.

 

 

Subscribe to our monthly cybersecurity newsletter
Stay up-to-date with the very latest cybersecurity news & technical articles delivered straight to your inbox
We hate spam as much as you do. We will never give your email address out to any third-party.
microsoft, patching, web browsers

Related Post

  • Final Windows 7 Patches and critical security bug fixed

    By Mark Faithfull

    The last ever Windows 7 Patch Tuesday update also includes a fix to a long standing bug in the Windows cryptographic library (CryptoAPI) which could allow attackers to spoof digital certificates and conduct man-in-the-middle attacks.Read more

  • Windows 7 and Server 2008 support ends January

    By Mark Faithfull

    There are just two patch Tuesdays left until Windows 7 and Windows Server 2008 reach their end of support cut off in January 2020. Organisations that are unable (or unwilling) to make the leap toRead more

  • Bluekeep exploits seen in the wild

    By Mark Faithfull

    Bluekeep is serious vulnerability in the RDP protocol affecting Windows systems.  After months of waiting, active exploits have now been spotted in the wild for the first time, attempting to install cryptomining malware on theRead more

  • RCE bugs fixed in patch Tuesday for September

    By Mark Faithfull

    The September Patch Tuesday release from Microsoft included 18 critical fixes and 79 in total.  The fixes include several Remote Code Execution vulnerabilities: RDP client-side remote code execution vulnerabilities Four remote code execution vulnerabilities wereRead more

  • Symantec blocks Windows Server 2008 updates

    By Mark Faithfull

    Symantec Endpoint Protection for Windows 7 and Server 2008 R2 is blocking Windows updates since August 2019. Back in April 2019 we reported that Microsoft planned to amend the way it digitally signed Windows updatesRead more

NextPrevious

Recent Posts

  • SUDO bug allows privilege escalation
  • Hue smart bulb RCE vulnerability patched
  • Cisco patches critical switch flaws
  • Ragnarok ransomware exploits Citrix vulnerability
  • Infrastructure Patching Problems

Tags

blockchain Bluetooth Chrome Cisco credential stuffing CREST cyber crime cyber essentials cyber security cyber security news Data Protection DNS Ethereum Exchange Server exim fileless formjacking GDPR Intel IoT Linux MacOS Meltdown microsoft OAuth patching PDF penetration testing phishing ransomware RDP Row Hammer security breach security testing SIEM Spectre supply chain attacks Sysinternals TPM UK Law VNC vulnerability management web applications web browsers wireless

Archives

  • February 2020
  • January 2020
  • December 2019
  • November 2019
  • October 2019
  • September 2019
  • August 2019
  • July 2019
  • June 2019
  • May 2019
  • April 2019
  • March 2019
  • February 2019
  • January 2019
  • December 2018
  • November 2018
  • July 2018
  • June 2018
  • April 2018
  • January 2018
  • October 2017
BCS Cyber Essentials Cyber Essentials Cyber Essentials PLUS
information. secured.
  • Home
  • Our Services
    • Infrastructure Testing
      • Internal Network Penetration Test
      • External Network Penetration Test
      • Vulnerability Assessment
    • Web Application Penetration Test
    • Configuration Review
      • Windows Build Review
    • Information Assurance
      • ISO 27001 Gap Analysis
    • Cyber Essentials Certification
  • News
  • Articles
  • About
    • About SecureTeam
    • Cookie Policy
    • Privacy Notice
    • Website Terms & Conditions
    • White-Label Consultancy
    • Jobs
  • Contact Us
SecureTeam
SecureTeam use cookies on this website to ensure that we give you the best experience possible. If you continue to use our site we will assume that you are happy with cookies being used.OkRead more