CVE-2019-1367 : vulnérabilité critique de corruption mémoire d'Internet Explorer exploitée en environnement réel
Zero-day memory corruption vulnerability in Internet Explorer has been observed in attacks in the wild
Contexte
On September 23, Microsoft released an out-of-band patch for a zero-day vulnerability in Internet Explorer that has been exploited in the wild.
Analyse
CVE-2019-1367 is a memory corruption vulnerability in Internet Explorer’s scripting engine in the way that objects in memory are handled. Exploitation of this vulnerability could result in the attacker gaining arbitrary code execution under the same privileges as the current user. In the event that the current user has administrative privileges, an attacker could perform various actions on the system, from creating a new account with full privileges to installing programs or even modifying data.
To exploit the vulnerability, an attacker would have to host the exploit on a malicious website and socially engineer a user into opening that website in Internet Explorer. In the case of a targeted attack, an attacker could include a link to the malicious website in an email or in a malicious email attachment (HTML file, PDF file, Microsoft Office document) that supports embedding the scripting engine content.
The vulnerability was discovered by Clément Lecigne of Google’s Threat Analysis Group (TAG). Earlier this year, Lecigne discovered and reported two zero-day vulnerabilities: a use-after-free vulnerability in Google Chrome (CVE-2019-5786) and an elevation of privilege vulnerability in Microsoft Windows (CVE-2019-0808) that were exploited together in the wild.
Additional details about the in-the-wild exploitation of this vulnerability have not yet been made public by Lecigne and Google’s TAG, though we anticipate such details will be disclosed in a blog post in the near future.
Démonstration de faisabilité (PoC)
At the time this blog was published, no proof-of-concept (PoC) was available.
Solution
Microsoft released an out-of-band patch for this vulnerability due to the report that it has been exploited in the wild. Please refer to the Security Updates section for additional information on the IE Cumulative Update or relevant Security Updates.
Additionally, Microsoft has provided workarounds for both 32-bit and 64-bit systems by restricting access to the JScript.dll file. An administrator can do so by entering specific commands into the command prompt; the commands are available at the end of the security advisory page. However, these workarounds should only be used as a temporary measure until patching is feasible. Commands to revert the workarounds are also available on the Microsoft security advisory page linked above.
Identification des systèmes affectés
A list of Tenable plugins to identify this vulnerability will appear here as they’re released.
Où trouver plus d'informations
Rejoignez l'équipe SRT de Tenable sur Tenable Community.
Apprenez-en plus sur Tenable, la première plateforme de Cyber Exposure qui vous permet de gérer votre surface d'attaque moderne de manière globale.
Get a free 60-day trial of Tenable.io Vulnerability Management.
Articles connexes
How to Discover, Analyze and Respond to Threats Faster with Generative AI
June 17, 2024Generative AI (GenAI) is being hailed as the most transformative innovation since the rise of the internet. For security, GenAI can revolutionize the field if applied correctly, especially when it comes to threat detection and response. It enhances efficiency and productivity by swiftly processing and delivering critical information when it matters most.
These Services Shall Not Pass: Abusing Service Tags to Bypass Azure Firewall Rules (Customer Action Required)
June 3, 2024Azure customers whose firewall rules rely on Azure Service Tags, pay attention: You could be at risk due to a vulnerability detected by Tenable Research. Here’s what you need to know to determine if you’re affected, and if so, what you should do right away to protect your Azure environment from attackers.
Cybersecurity Snapshot: EPA Urges Water Plants To Boost Cybersecurity, as OpenSSF Launches Threat Intel Platform for Open Source Software
May 24, 2024Check out the EPA’s call for water plants to beef up their cyber defenses. Plus, open source developers have a new platform to share threat intelligence. Moreover, business email compromise attacks prompt alert from U.K.’s cyber agency. And CISA tackles DNS encryption best practices. And much more!
How the regreSSHion Vulnerability Could Impact Your Cloud Environment
July 5, 2024With growing concern over the recently disclosed regreSSHion vulnerability, we’re explaining here what it is, why it’s so significant, what it could mean for your cloud environment and how Tenable Cloud Security can help.
Cybersecurity Snapshot: Malicious Versions of Cobalt Strike Taken Down, While Microsoft Notifies More Orgs About Midnight Blizzard Email Breach
July 5, 2024Check out the results of a multinational operation against illegal instances of Cobalt Strike. Plus, more organizations are learning that Midnight Blizzard accessed their email exchanges with Microsoft. Meanwhile, Carnegie Mellon has a new report about how to fix and mitigate API vulnerabilities. And two new reports shed light on cyber insurance trends. And much more!
Cybersecurity Snapshot: Memory Bugs Pervasive in Open Source SW, While Car Dealership Chaos Persists After Ransomware Attack
June 28, 2024Check out why memory vulnerabilities are widespread in open source projects. Plus, get the latest on the ransomware attack that’s disrupted car sales in North America. In addition, find out why a majority of organizations grew their cyber budgets this year. And learn how confidential data from U.S. chemical facilities may have been accessed by hackers. And much more!
- Threat Intelligence
- Threat Management
- Vulnerability Management
- Vulnerability Scanning