CVE-2020-0674: Microsoft Internet Explorer 0day – Scripting Engine Memory Corruption Vulnerability being exploited in the wild

Last Updated: January 19 @ 15:40

Overview

  • Memory corruption in jscript.dll

  • Exploitable via Internet Explorer 9 through 11

  • On Microsoft Windows 7 through 10 and Server 2008 through Server 2016

  • Being actively exploited

Mitigation Advice

Detection Methods

<Sysmon schemaversion="4.22"> <EventFiltering> <RuleGroup name="" groupRelation="or"> <ImageLoad onmatch="include"> <ImageLoaded name="technique_id=1189,technique_name=Drive-by Compromise,note=Possible CVE-2020-0674 Exploit - just checks for jscript.dll being loaded though so don't get too excited" condition="end with">jscript.dll</ImageLoaded> </ImageLoad>
</RuleGroup>
</EventFiltering>
</Sysmon>

* 1:48699 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer JavaScript engine downgrade detected (browser-ie.rules)
* 1:48700 <-> DISABLED <-> BROWSER-IE Microsoft Internet Explorer JavaScript engine downgrade detected (browser-ie.rules)

Questions

  • Qihoo 360 tweet talked about a vuln affecting IE and Firefox – now deleted – related?

  • Are any sites delivering the payload known?

  • Any indicators of which actors?

Other Information

Similar Vulnerabilities

These vulnerabilities share mitigation advice and are in the same component

This post is curated by the team at NCC Group/Fox-IT – https://www.nccgroup.trust/

Thanks to the Courtesy of :

https://www.reddit.com/r/netsec/comments/equ1s6/cve20200674_microsoft_internet_explorer_0day/

Leave a Reply