CVE-2020-0673
📋 TL;DR
This vulnerability allows remote attackers to execute arbitrary code on affected systems by exploiting a memory corruption flaw in Internet Explorer's scripting engine. Attackers can compromise systems by tricking users into viewing specially crafted web content. Users running vulnerable versions of Internet Explorer on Windows systems are affected.
💻 Affected Systems
- Internet Explorer
⚠️ Risk & Real-World Impact
Worst Case
Full system compromise, with the attacker gaining the same privileges as the logged-in user, potentially leading to data theft, ransomware deployment, or lateral movement within networks.
Likely Case
Malware installation, credential theft, or system takeover when users visit malicious websites or open malicious documents.
If Mitigated
Limited impact with proper security controls like application whitelisting, least privilege accounts, and network segmentation.
🎯 Exploit Status
Exploitation requires user interaction (visiting malicious website or opening malicious document). Multiple proof-of-concept exploits have been published.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Security updates released in January 2020 (KB4534297 for Windows 10, KB4534293 for Windows 8.1, etc.)
Vendor Advisory: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0673
Restart Required: Yes
Instructions:
1. Apply Microsoft's January 2020 security updates through Windows Update.
2. For enterprise environments, deploy patches via WSUS or SCCM.
3. Restart systems after patch installation.
🔧 Temporary Workarounds
Disable JScript.dll access
Restrict access to JScript.dll to prevent exploitation of the scripting engine vulnerability.
takeown /f %windir%\system32\jscript.dll
cacls %windir%\system32\jscript.dll /E /P everyone:N
Use alternative browser
Switch to Microsoft Edge or other modern browsers that are not affected by this vulnerability.
🧯 If You Can't Patch
- Implement application control policies to block execution of unauthorized scripts and binaries.
- Configure Internet Explorer to run in Enhanced Security Configuration mode and restrict access to untrusted websites.
🔍 How to Verify
Check if Vulnerable:
Check the Internet Explorer version (Help > About Internet Explorer) and compare it against the affected versions (9, 10, 11). Then check whether Windows is still missing the January 2020 security updates.
Check Version:
wmic qfe list | findstr KB4534297
Verify Fix Applied:
Verify Windows Update history shows January 2020 security updates installed (KB4534297, KB4534293, or other relevant KBs).
📡 Detection & Monitoring
Log Indicators:
- Internet Explorer crash logs with jscript.dll or vbscript.dll modules
- Windows Event Logs showing unexpected process creation from iexplore.exe
Network Indicators:
- HTTP requests to known exploit domains or unusual script downloads
- Outbound connections from Internet Explorer to unexpected IP addresses
SIEM Query:
source="Windows Security" EventID=4688 AND (NewProcessName="*cmd.exe" OR NewProcessName="*powershell.exe") AND ParentProcessName="*iexplore.exe"
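The SIEM query above, applied as an added example (not part of the original advisory) to Event ID 4688 records exported as Windows event XML. It compares image file names exactly and case-insensitively instead of by wildcard; the host name and all sample events are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from pathlib import PureWindowsPath

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
PARENT = "iexplore.exe"
CHILDREN = {"cmd.exe", "powershell.exe"}  # the two images named in the SIEM query

def _event(event_id, new, parent=None, host="WS-EXAMPLE"):
    """Build one constructed event in the Windows event XML layout."""
    parent_xml = f'<Data Name="ParentProcessName">{parent}</Data>' if parent else ""
    return (f'<Event xmlns="{NS["e"]}"><System><EventID>{event_id}</EventID>'
            f'<Computer>{host}</Computer></System><EventData>'
            f'<Data Name="NewProcessName">{new}</Data>{parent_xml}'
            f'</EventData></Event>')

IE = r"C:\Program Files\Internet Explorer\iexplore.exe"
CMD = r"C:\Windows\System32\cmd.exe"
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell.EXE"

# Constructed sample data, not real telemetry.
SAMPLE_EVENTS = [
    _event(4688, CMD, IE),                          # match
    _event(4688, PS, IE.upper()),                   # match despite different casing
    _event(4688, CMD, r"C:\Windows\explorer.exe"),  # shell started by the user
    _event(4688, IE, IE),                           # IE starting its own tab process
    _event(4689, CMD, IE),                          # different event ID: ignored
    _event(4688, CMD),                              # no parent recorded: cannot match
]

def image_name(path):
    """Lower-cased file name of a Windows path, independent of the host OS."""
    return PureWindowsPath(path).name.lower()

def suspicious_ie_children(xml_events):
    """Return (computer, child image) for each 4688 event the query would flag."""
    hits = []
    for raw in xml_events:
        root = ET.fromstring(raw)
        if root.findtext("e:System/e:EventID", namespaces=NS) != "4688":
            continue
        data = {d.get("Name"): d.text or "" for d in root.iterfind("e:EventData/e:Data", NS)}
        child = image_name(data.get("NewProcessName", ""))
        parent = image_name(data.get("ParentProcessName", ""))
        if parent == PARENT and child in CHILDREN:
            hits.append((root.findtext("e:System/e:Computer", namespaces=NS), child))
    return hits

if __name__ == "__main__":
    for computer, child in suspicious_ie_children(SAMPLE_EVENTS):
        print(f"{computer}: iexplore.exe spawned {child}")
```

Events that carry no ParentProcessName field can never satisfy this rule, so hosts that do not record the parent need a different signal, such as the crash-log indicator listed above.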