Internet Explorer Bug Gives Attackers ‘Same User Rights as Current User’

According to Microsoft, a vulnerability has been identified in Internet Explorer that can “...corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.” In effect, the attacker gains the same rights as the logged-in user, which can mean full access to your computer, depending on that user’s role on the machine.

CVE-2019-1367 was published by Microsoft on September 23rd identifying the issue and providing workarounds.

From the CVE article, the workaround is as follows:

Restrict access to JScript.dll

For 32-bit systems, enter the following command at an administrative command prompt:
takeown /f %windir%\system32\jscript.dll
cacls %windir%\system32\jscript.dll /E /P everyone:N

For 64-bit systems, enter the following command at an administrative command prompt:
takeown /f %windir%\syswow64\jscript.dll
cacls %windir%\syswow64\jscript.dll /E /P everyone:N
takeown /f %windir%\system32\jscript.dll
cacls %windir%\system32\jscript.dll /E /P everyone:N

Impact of Workaround

Implementing these steps might result in reduced functionality for components or features that rely on jscript.dll. To be fully protected, Microsoft recommends the update be installed as soon as possible. Please revert the mitigation steps before installing the update to return to a full state.

By default, IE11, IE10, and IE9 use Jscript9.dll, which is not impacted by this vulnerability. This vulnerability only affects certain websites that utilize jscript as the scripting engine.

How to undo the workaround

For 32-bit systems, enter the following command at an administrative command prompt:
cacls %windir%\system32\jscript.dll /E /R everyone

For 64-bit systems, enter the following command at an administrative command prompt:
cacls %windir%\system32\jscript.dll /E /R everyone
cacls %windir%\syswow64\jscript.dll /E /R everyone
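
Because the workaround has to be reverted before the update is installed, it helps to check which machines still carry it. The following read-only PowerShell audit is an added example, not part of Microsoft's advisory or the original post. The function name Get-JScriptWorkaroundState is hypothetical, and the script assumes the cacls restriction appears as a Deny entry for Everyone on the file's ACL.

```powershell
# Added example: report whether the jscript.dll workaround is in place.
# Read-only; it changes no permissions. Run from an elevated 64-bit PowerShell
# prompt (a 32-bit process on 64-bit Windows sees system32 redirected to syswow64).

# Well-known SID of the Everyone group; independent of the OS display language.
$EveryoneSid = 'S-1-1-0'

function Get-JScriptWorkaroundState {
    param(
        # Paths named in the advisory; syswow64 exists only on 64-bit Windows.
        [string[]]$Path = @(
            (Join-Path $env:windir 'system32\jscript.dll'),
            (Join-Path $env:windir 'syswow64\jscript.dll')
        )
    )
    foreach ($p in $Path) {
        $state = [ordered]@{ Path = $p; Present = $false; Owner = $null
                             DenyEveryone = $null; Note = $null }
        if (Test-Path -LiteralPath $p) {
            $state.Present = $true
            try {
                $acl = Get-Acl -LiteralPath $p -ErrorAction Stop
                # Resolve ACEs to SIDs so the match does not depend on account names.
                $rules = $acl.GetAccessRules($true, $true,
                    [System.Security.Principal.SecurityIdentifier])
                $deny = @($rules | Where-Object {
                    $_.AccessControlType -eq 'Deny' -and
                    $_.IdentityReference.Value -eq $EveryoneSid
                })
                $state.Owner = $acl.Owner
                $state.DenyEveryone = ($deny.Count -gt 0)
            }
            catch {
                # A deny entry can also block reading the ACL for anyone who is
                # not the file owner; record that instead of failing the audit.
                $state.Note = "ACL unreadable: $($_.Exception.Message)"
            }
        }
        else {
            $state.Note = 'File not found (expected for syswow64 on 32-bit Windows)'
        }
        [pscustomobject]$state
    }
}

Get-JScriptWorkaroundState | Format-Table -AutoSize -Wrap
```

A row with DenyEveryone set to True, or with an unreadable ACL, marks a file that still needs the undo commands above before the update is installed.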

This bug impacts Internet Explorer users currently on Windows 7, Windows 8/8.1 and Windows 10.

A patch, KB4522016, is also available for this and can be downloaded from the Windows Update Catalog.

If you have to use Internet Explorer for compatibility with older websites, it is highly recommended that you install this update or apply the workaround provided by Microsoft. Otherwise, if you can, just avoid using Internet Explorer.