Skip to content
  • Why Deepwatch?
    • Squad Delivery Model
    • Deepwatch Platform
    • Deepwatch Secure Score
    • Deepwatch Labs
  • Solutions
    • Managed Detection and Response (MDR)
      • MDR Enterprise
      • MDR Essentials
    • Managed Extended Detection Response (MXDR)
    • Endpoint Detection and Response (EDR)
    • Vulnerability Management (VM)
    • Firewall Management Solution
  • Company
    • About
    • Leadership
    • Careers
    • Contact
  • Partners
    • Channel Partners
    • Technology Alliance Partners
  • Resources
    • Resource Library
    • Blog
    • Case Studies
    • eBooks
    • Whitepapers
    • Datasheets
    • Video
    • Newsroom
    • Events
  • Search
  • Ready to Talk?
×

New Research Report: Security Leaders' Top Challenges & Priorities for 2023

Read Now
12.21.18

IE – Scripting Engine Memory Corruption Vulnerability CVE-2018-8653

By Dave Farquhar, 

Yesterday, Microsoft released a patch for a 0-day vulnerability impacting multiple versions of Internet Explorer which allows for remote code exploitation. Deepwatch recommends patching as soon as practical.

Overview

On December 19th, 2018 Microsoft released a patch for a 0-day vulnerability that impacted multiple Internet Explorer versions within all platforms. The vulnerability could potentially allow a remote code execution attack on the scripting engine that handles objects within Internet Explorer (IE) and gives the attacker the same rights as the user logged into the system.

Technical Overview

A remote code execution attack can be performed within IE’s memory handling for a file called Jscript.dll. This attack would allow an attacker to corrupt a portion of IE’s memory which could allow code to be executed into the affected system. By exploiting this particular vulnerability an attacker would gain the same rights as a user, as well as potentially provide the attacker a pivot point into the environment.

The vulnerability was disclosed to Microsoft by the Google Threat Analysis team member Clement Ligne, and is assumed to being exploited in the wild, with the suggestion from many organizations to patch immediately based on the severity of the vulnerability (CVSS of 7.5 at the vulnerabilities highest rating).

Potential Impact

If an attacker is able to exploit a remote code execution on a user’s vulnerable browser then they would be able to gain the same rights as the user logged in. Additionally, while this impact can be limited through limiting the access users have to the Operating System, even with limited access the attacker can still use the system as a potential pivot point within the network.

What You Should Do

Currently all versions of IE on all in-life servers and workstations are considered vulnerable, and it is recommended to patch as soon as possible due to this vulnerability already being exploited in the wild. For organization which are unable to patch immediately, it is recommended to implement the following work-around provided by Microsoft:

Restrict access to JScript.dll. For 32-bit systems, enter the following command at an administrative command prompt:
cacls %windir%\system32\jscript.dll /E /P everyone:

For 64-bit systems, enter the following command at an administrative command prompt:
cacls %windir%\syswow64\jscript.dll /E /P everyone:N

This vulnerability only affects certain websites that utilizes jscript as the scripting engine. Should this impact legitimate websites used in your organization, the workaround can be undone. For 32-bit systems, enter the following command at an administrative command prompt:
cacls %windir%\system32\jscript.dll /E /R everyone

For 64-bit systems, enter the following command at an administrative command prompt:
cacls %windir%\syswow64\jscript.dll /E /R everyone

Deepwatch will provide additional information to protect its customers and others if and when it becomes available.

Supporting Information

  • https://www.tenable.com/blog/microsoft-releases-out-of-band-patch-for-internet-explorer-remote-code-execution-vulnerability
  • https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8653?ranMID=43674&ranEAID=je6NUbpObpQ&ranSiteID=je6NUbpObpQ-rTSgqR0mdVwYZBf_O29Pyg&epi=je6NUbpObpQ-rTSgqR0mdVwYZBf_O29Pyg&irgwc=1&OCID=AID681541_aff_7795_1243925&tduid=(ir__g1yk6qvyzzvhuwoownzjkp0w0m2xhkgsahsodz3f00)(7795)(1243925)(je6NUbpObpQ-rTSgqR0mdVwYZBf_O29Pyg)()&irclickid=_g1yk6qvyzzvhuwoownzjkp0w0m2xhkgsahsodz3f00
  • https://www.zdnet.com/article/microsoft-releases-security-update-for-new-ie-zero-day/

Subscribe to the Deepwatch Insights Blog

Post navigation

Previous post

Zoom Desktop Conferencing CVE-2018-15715

Next post

DNS Infrastructure Hijacking Campaign

Deepwatch

DENVER
OFFICE & SOC

7800 East Union Avenue
Suite 900
Denver, CO 80237 USA
855.303.3033

TAMPA
OFFICE & SOC

4030 W Boy Scout Blvd.
Suite 550
Tampa, FL 33607 USA
855.303.3033

[email protected]

Why Deepwatch

  • Squad Delivery Model
  • Deepwatch Platform
  • Deepwatch Secure Score
  • Deepwatch Labs

Solutions

  • Managed Detection and Response (MDR)
  • MDR Essentials
  • MDR Enterprise
  • Managed Extended Detection Response (MXDR)
  • Endpoint Detection and Response (EDR)
  • Vulnerability Management (VM)
  • Firewall Management Solution

Company

  • About Us
  • Leadership
  • Careers
  • Contact

Resources

  • Resource Library
  • Insights Blog
  • News
  • Events

Partners

  • Channel Partners
  • Technology Alliance Partners

Contact

  • Let's Talk
  • Customer Login
  • Partner Login
GDPR Badge PCI Badge SOC2 Badge TRUSTe
LinkedIn Twitter YouTube YouTube

© Copyright 2023 Deepwatch incorporated

Trust | Sitemap | Privacy Policy