Security News > 2020 > January > Unofficial Patch Released for Recently Disclosed Internet Explorer Zero-Day
ACROS Security's 0patch service on Tuesday released an unofficial fix for CVE-2020-0674, a recently disclosed vulnerability in Internet Explorer that has been exploited in targeted attacks.
Microsoft informed customers last Friday that Internet Explorer is affected by a zero-day vulnerability.
Microsoft has suggested that it might only fix CVE-2020-0674 with its February 2020 Patch Tuesday updates and in the meantime the company has shared a workaround that involves restricting access to jscript.
The company claims its patch implements the workaround recommended by Microsoft, but without having a negative impact on functionality.
The unofficial patch is available for the 32-bit and 64-bit versions of Windows 7, 10, Server 2008 and Server 2019.
News URL
Related news
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 91 flaws (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 89 flaws (source)
- Apple Releases Urgent Updates to Patch Actively Exploited Zero-Day Vulnerabilities (source)
- New Windows zero-day exposes NTLM credentials, gets unofficial patch (source)
- Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-02-11 | CVE-2020-0674 | Use After Free vulnerability in Microsoft Internet Explorer 10/11/9 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. | 7.5 |