Published on Friday, 21 December 2018 11:55
Background
Microsoft has released an out-of-band security update to address a critical vulnerability discovered in its Internet Explorer (IE) software.
This memory corruption vulnerability (CVE-2018-8653) affects IE when browsing websites that use JScript as the scripting engine.
The following Microsoft products are affected:
- Internet Explorer 9
- Internet Explorer 10
- Internet Explorer 11
An attacker could lure unsuspecting IE users to a website embedded with a specially crafted script that exploits this vulnerability.
Upon successful exploitation, the attacker could install malware; view, change, or delete data on the compromised machine; or create new accounts with full user rights.
Users and System Administrators are advised to apply the out-of-band security patch released by Microsoft immediately at https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8653
System Administrators may choose to restrict access to JScript.dll by entering the following commands:
- For 32-bit systems: cacls %windir%\system32\jscript.dll /E /P everyone:N
- For 64-bit systems: cacls %windir%\syswow64\jscript.dll /E /P everyone:N