Shulou(Shulou.com)06/01 Report--

Internet Explorer remote code execution vulnerability example analysis, I believe that many inexperienced people do not know what to do, so this article summarizes the causes of the problem and solutions, through this article I hope you can solve this problem.

0x00 vulnerability background

2020-01-17 Microsoft issued a risk alert for Internet Explorer.

Internet Explorer is the default browser built into all new versions of the Windows operating system since 1995, and it is also a part of Microsoft's Windows operating system. CVE-2020-0674 the flaw lies in the Internet Explorer scripting engine JScript.dll. A remote code execution vulnerability exists in this component. Discovered by Ella Yu from Qihoo 360 / Cl é ment Lecigne of Google's Threat Analysis Group.

The vulnerability could allow an attacker to execute arbitrary code in the current user environment. An attacker who exploits this vulnerability can gain the same user privileges as the current user. If the current user logs in with administrative user privileges, you can take full control of the affected system. Attackers are free to install programs, view / change or delete data, and create new accounts with full user privileges.

0x01 vulnerability details

The vulnerability occurs in JScript.dll, which is triggered by loading and executing specific js code in IE. The attack is low in cost and easy to implement.

The vulnerability can already be exploited, and Microsoft says it has found exploitation in the wild.

360CERT determined that the vulnerability was rated as serious.

It is recommended that the majority of users repair in accordance with the contents of the repair recommendations in time. Deactivate JScript.dll to avoid this vulnerability.

By default

Windows Server 2008

Windows Server 2008 R2

Windows Server 2012

Windows Server 2012 R2

Windows Server 2016

Windows Server 2019

The Internet Explorer of this series of systems runs in the restricted mode of "enhanced security configuration". The enhanced security configuration is a set of presets in Internet Explorer that reduce the likelihood that users or administrators will download and run custom Web content on the server. This is a mitigation measure for sites that have not been added to the Internet Explorer trusted sites area.

However, 360CERT still recommends that you fix it in accordance with the recommendations in a timely manner. Deactivate JScript.dll to avoid this vulnerability.

0x02 impact version windows version Internet Explorer 9Windows Server 2008 x64/x32 sp2Internet Explorer 10Windows Server 2012Internet Explorer 11Windows 7 x64/x32 sp1Internet Explorer 11Windows 8.1 x64/x32Internet Explorer 11Windows RT 8.1Internet Explorer 11Windows 10 x64/x32Internet Explorer 11Windows 10 Version 1607 x64/x32Internet Explorer 11Windows 10 Version 1709 x64/x32/arm64Internet Explorer 11Windows 10 Version 1803 x64/x32/arm64Internet Explorer 11Windows 10 Version 1809 x64/x32/arm64Internet Explorer 11Windows 10 Version 1903 x64/x32/arm64Internet Explorer 11Windows 10 Version 1909 x64/x32/arm64Internet Explorer 11Windows Server 2008 R2 x64 sp1Internet Explorer 11Windows Server 2012Internet Explorer 11Windows Server 2012 R2Internet Explorer 11Windows Server 2016Internet Explorer 11Windows Server 20190x03 repair recommendation

Microsoft's official website has not yet released a security patch for this vulnerability.

The official measure is to temporarily disable JScript.dll completely for repair.

Note: disabling JScript.dll will cause pages that rely on js not to work properly, and most of the current Internet page content depends on js for rendering.

Disabling may seriously affect the display of normal pages. Please consider and arrange the repair work by yourself.

Disable JScript.dll

32-bit system

Takeown / f% windir%\ system32\ jscript.dll

Cacls% windir%\ system32\ jscript.dll / E / P everyone:N

64-bit system

Takeown / f% windir%\ syswow64\ jscript.dll

Cacls% windir%\ syswow64\ jscript.dll / E / P everyone:N

Takeown / f% windir%\ system32\ jscript.dll

Cacls% windir%\ system32\ jscript.dll / E / P everyone:N

Undo disable JScript.dll

32-bit system

Cacls% windir%\ system32\ jscript.dll / E / R everyone

64-bit system

Cacls% windir%\ system32\ jscript.dll / E / R everyone

Cacls% windir%\ syswow64\ jscript.dll / E / R everyone

After reading the above, have you mastered the method of example analysis of Internet Explorer remote code execution vulnerabilities? If you want to learn more skills or want to know more about it, you are welcome to follow the industry information channel, thank you for reading!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.