Block Internet Explorer’s Latest Vulnerability With This Workaround

Microsoft disclosed a troublesome vulnerability in Internet Explorer last week, affecting various permutations of Internet Explorer 9, 10, and 11 across Windows 7, 8.1, and Windows 10 (as well as various editions of Windows Server). The bad news is that Microsoft likely won’t patch this problem until February, when the next major batch of security updates hits.

Thankfully, there are a few workarounds you can use right now to keep yourself safe from this new remote code execution vulnerability. Before we get to that, here’s a quick description from Microsoft of how this vulnerability could be exploited in the wild:

“An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website, for example, by sending an email.”

To keep yourself safe, let’s start with the basics: common sense. Don’t visit shitty websites; don’t get phished by websites that claim to be something they aren’t; don’t click on links you don’t recognise around the web (or via your emails); keep your guard up against messages and other “click here!” type content that seems incredibly suspicious.

Beyond that, now’s as good a time as any to switch over to Microsoft’s new Chromium-based Edge browser before Microsoft makes the switch for you in a few months. You’ll not only get a better browsing experience, but you won’t be affected by the vulnerability of the browser you’re leaving behind.

If you must stick with Internet Explorer, consider this next workaround. Open up an administrative command prompt (search for “Command Prompt” after clicking your Start button, and then right-click to run Command Prompt as an administrator). What you’ll type in next is slightly different for 32-bit and 64-bit systems. Enter the commands one at a time: type a line, hit Enter, type the next line, and so on.

32-bit Windows

takeown /f %windir%\system32\jscript.dll

cacls %windir%\system32\jscript.dll /E /P everyone:N

64-bit Windows

takeown /f %windir%\syswow64\jscript.dll

cacls %windir%\syswow64\jscript.dll /E /P everyone:N

takeown /f %windir%\system32\jscript.dll

cacls %windir%\system32\jscript.dll /E /P everyone:N

These commands restrict access to a deprecated JScript library that has stuck around for compatibility—your browser now uses JScript9.dll, not JScript.dll, by default. You’ll want to revert this change once Microsoft patches up the browser, which requires another set of commands in an administrative command prompt:

32-bit Windows

cacls %windir%\system32\jscript.dll /E /R everyone

64-bit Windows

cacls %windir%\system32\jscript.dll /E /R everyone

cacls %windir%\syswow64\jscript.dll /E /R everyone
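
If you want to confirm whether the workaround is currently in place (or has been reverted), the PowerShell sketch below reads the permissions on each copy of jscript.dll. It is an added example, not from Microsoft or the original article; the function name Test-JScriptBlocked is made up for illustration, and it assumes the "everyone:N" step shows up as an explicit Deny entry for the Everyone group.

```powershell
# Added example: audit whether the jscript.dll workaround is in place.
# Assumption: the cacls "everyone:N" step appears as an explicit Deny entry
# for the Everyone group (well-known SID S-1-1-0).
$everyone = 'S-1-1-0'
$sidType  = [System.Security.Principal.SecurityIdentifier]

# Build the list of paths the article's commands touch on this machine.
$paths = @()
if ([Environment]::Is64BitOperatingSystem) {
    # A 32-bit process sees System32 redirected to SysWOW64, so use the
    # Sysnative alias to reach the real 64-bit directory.
    $native = if ([Environment]::Is64BitProcess) { 'System32' } else { 'Sysnative' }
    $paths += Join-Path $env:windir "$native\jscript.dll"
    $paths += Join-Path $env:windir 'SysWOW64\jscript.dll'
} else {
    $paths += Join-Path $env:windir 'System32\jscript.dll'
}

# Hypothetical helper: returns a short state string for one file.
function Test-JScriptBlocked {
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) { return 'missing' }
    try {
        $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
    } catch {
        # A deny entry can stop accounts other than the owner from reading the ACL.
        return 'unreadable (run as the account that ran takeown)'
    }
    # Explicit entries only, with identities returned as SIDs so the check
    # does not depend on the localized name of the Everyone group.
    $rules = $acl.GetAccessRules($true, $false, $sidType)
    $deny = $rules | Where-Object {
        $_.AccessControlType -eq 'Deny' -and $_.IdentityReference.Value -eq $everyone
    }
    if ($deny) { 'blocked' } else { 'not blocked' }
}

foreach ($p in $paths) {
    [pscustomobject]@{ Path = $p; State = Test-JScriptBlocked -Path $p }
}
```

On 64-bit Windows both rows should read "blocked" after applying the workaround and "not blocked" after the revert commands.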
