Description: The zero-day, which is tracked as CVE-2020-0674, is a memory corruption issue in the browser’s scripting engine. Its exploitation could enable remote attackers to run code of their choice on the compromised system. Microsoft has released a security advisory alerting users to an as-yet unpatched vulnerability in its Internet Explorer (IE) web browser that is being exploited in limited targeted attacks
What to do: This can be mitigated by restricting access to the JavaScript component JScript.dll. Also, Microsoft noted that the risk of exploitation is lower on Windows Server, where Internet Explorer is, by default, locked down to protect against browser-based attacks. This restricted mode, called Enhanced Security Configuration, “can reduce the likelihood of a user or administrator downloading and running specially crafted web content on a server”, said Microsoft.
Other than that, ensure strong firewalls, password policies and data encryption are in place.
Educate your employees about browser-based attacks and urge them to be cautious. Upgrade to SSL if you haven’t already done so.
