RCE Vulnerability in Windows Internet Explorer 9 through 11 (CVE-2018-8653)

Reference: Advisory #2019-01
Version: 1.0
Affected software: Internet Explorer versions 9, 10 and 11
Type: Remote Code Execution
CVE/CVSS: CVE-2018-8653

Sources

https://thehackernews.com/2018/12/internet-explorer-zero-day.html
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/ie-scripting-flaw-still-a-threat-to-unpatched-systems-analyzing-cve-2018-8653/

Risks

Successful exploitation of this vulnerability may result in the execution of arbitrary code in the user context. If the user has administrative rights, this could result in a full system compromise.

Proof of Concept code is already available, so this vulnerability should be treated as HIGH RISK.

Description

Microsoft released an out-of-band security update that addresses a critical vulnerability in the Internet Explorer web browser. The vulnerability is already being exploited in the wild, and abuses a flaw in the JScript engine.

The vulnerability can be exploited through multiple means: a malicious webpage, a specially crafted HTML page, a Word or PDF document, or any other document that supports embedded IE scripting, …

Recommended Actions

CERT.be recommends applying the Windows patches as soon as you can. The updates should be installed automatically if you have automatic updates enabled, or can be found here: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8653

While it is not recommended, if for some reason patching is not an option, you can mitigate the attack by changing the permissions on jscript.dll to require administrator privileges. By doing so, Internet Explorer will fall back on Jscript9.dll, and in this DLL the vulnerability cannot be exploited. Some websites, however, may fail to render.

For 32-bit systems: cacls %windir%\system32\jscript.dll /E /P everyone:N
For 64-bit systems: cacls %windir%\syswow64\jscript.dll /E /P everyone:N
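
To confirm on a given machine that the workaround above is actually in effect, the following PowerShell check can be used. It is an added example, not part of the original advisory or of Microsoft's guidance. The function names are hypothetical, and it assumes that after the cacls command no account, administrators included, can open jscript.dll for reading.

```powershell
# Added example: reports whether the jscript.dll permission workaround is in effect.
# Assumption: "everyone:N" blocks read access for every account, so a denied
# read attempt is treated as "workaround applied".

function Get-JScriptMitigationPath {
    # Return the path the advisory names for this OS architecture.
    if ([Environment]::Is64BitOperatingSystem) {
        Join-Path $env:windir 'syswow64\jscript.dll'
    } else {
        Join-Path $env:windir 'system32\jscript.dll'
    }
}

function Test-JScriptMitigation {
    param([string]$Path = (Get-JScriptMitigationPath))

    $state  = 'Unknown'
    $detail = ''

    if (-not [System.IO.File]::Exists($Path)) {
        $state = 'FileMissing'
    } else {
        try {
            # Opening the DLL for reading succeeds under the default permissions.
            $stream = [System.IO.File]::OpenRead($Path)
            $stream.Dispose()
            $state = 'NotApplied'
        } catch [System.UnauthorizedAccessException] {
            # Read access denied: consistent with the everyone:N entry being present.
            $state = 'Applied'
        } catch {
            # Any other failure (I/O error, sharing violation) is left for manual review.
            $detail = $_.Exception.Message
        }
    }

    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Path     = $Path
        State    = $state
        Detail   = $detail
    }
}

Test-JScriptMitigation | Format-List
```

A State of NotApplied on an unpatched machine means Internet Explorer can still load jscript.dll. Once the patch is installed, the entry can be removed again with cacls and its /R switch, for example: cacls %windir%\system32\jscript.dll /E /R everyone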