[SingCERT] Alert on Microsoft Scripting Engine Memory Corruption Vulnerability (CVE-2018-8653)

Published on Friday, 21 December 2018 11:55

Background

Microsoft has released an out-of-band security update to address a critical vulnerability discovered in its Internet Explorer (IE) software.

This memory corruption vulnerability (CVE-2018-8653) affects IE when browsing websites that utilise the JScript as the scripting engine.

Affected Products

The following Microsoft products are affected:

  •  Internet Explorer 9
  •  Internet Explorer 10
  •  Internet Explorer 11
Impact

An attacker could divert unsuspecting IE users to visit a website which is embedded with a specially crafted script that can exploit this vulnerability.

Upon successful exploitation, the attacker could install malware, view, change, or delete data in the compromised machine; or create new accounts with full user rights.

Recommendation

Users and System Administrators are advised to apply the out-of-band security patch released by Microsoft immediately at https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8653.

Workaround

System Administrators may choose to restrict access to JScript.dll by entering the following commands:

  •  For 32-bit systems: cacls %windir%\system32\jscript.dll /E /P everyone:N
  •  For 64-bit systems: l%windir%\syswow64\jscript.dll /E /P everyone:N
References

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8653

https://www.zdnet.com/article/microsoft-releases-security-update-for-new-ie-zero-day/