Microsoft has announced that it has discovered a flaw in Internet Explorer that allows hackers to take control of your PC. How to defend yourself
Don’t use Microsoft Internet Explorer: it is affected by a dangerous vulnerability. Microsoft knows about it, has admitted it but has not yet released a patch to close this flaw that allows a hacker, via JavaScript commands, to take possession of our computer and steal all our data.
The vulnerability has been classified with the code of ADV200001 Scripting Engine Memory Corruption Vulnerability, it occurs on Internet Explorer in all versions for Windows Server 2008, 2009, 2012, 2016 and 2019, Windows 10, Windows 7, Windows 8.1 and 8.1 RT. At the moment, Microsoft has only published a list of actions to mitigate the risk, but not to solve the root of the problem. It is, in fact, a zero-day vulnerability that was not considered at the time of Internet Explorer’s launch. It is also very similar to the one recently discovered by Qihoo 360 on Mozilla Firefox, which, in a later deleted tweet, stated that the vulnerability also affected Internet Explorer.
Why Internet Explorer is dangerous
Exactly as we have already seen for the Mozilla Firefox bug, also on Microsoft’s browser there is an error in the Java script engine. This error allows a hacker to execute code remotely (so-called RCE attacks: remote code execution) if the user visits a page infected with a virus, which inserts a malicious script into the site. When the user visits the page, the script starts, exploiting the vulnerability of the browser to “enter” the PC used to surf the page and gradually take possession of it through a series of steps. As Microsoft itself explains, “A malicious user who has successfully exploited the vulnerability could obtain the same permissions as the current user. If the current user is logged in with administrator rights, a malicious user who has successfully exploited the vulnerability could take control of an affected system. A malicious user could then install programs, view, modify or delete data, or create new accounts with full user rights.” Translated: a hacker could do what he wants with our PC.
How to mitigate the problem
Microsoft doesn’t have a patch ready yet, but it’s working on it. In the meantime, it has communicated how it is possible to “mitigate” the risks arising from the ADV200001 vulnerability: by acting on the operating system, even before Internet Explorer. In a nutshell, this involves running the OS in Enhanced Security Configuration mode, which reduces the likelihood of a user or administrator downloading and running specially crafted web content on a server. However, this mode is only available on Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016 and Windows Server 2019 and is set by default. For regular PC operating systems, however, you can only get around this by restricting access to the JScript.dll file. To do this you need to have system administrator rights, open the command prompt and type the following command strings:
takeown /f %windir%syswow64jscript.dll
cacls %windir%syswow64jscript.dll /E /P everyone:N
takeown /f %windir%system32jscript.dll
cacls %windir%system32jscript.dll /E /P everyone:N
The entire procedure is described on this page of Microsoft’s website.