Security News > 2020 > January > Unofficial Patch Released for Recently Disclosed Internet Explorer Zero-Day
ACROS Security's 0patch service on Tuesday released an unofficial fix for CVE-2020-0674, a recently disclosed vulnerability in Internet Explorer that has been exploited in targeted attacks.
Microsoft informed customers last Friday that Internet Explorer is affected by a zero-day vulnerability.
Microsoft has suggested that it might only fix CVE-2020-0674 with its February 2020 Patch Tuesday updates and in the meantime the company has shared a workaround that involves restricting access to jscript.
The company claims its patch implements the workaround recommended by Microsoft, but without having a negative impact on functionality.
The unofficial patch is available for the 32-bit and 64-bit versions of Windows 7, 10, Server 2008 and Server 2019.
News URL
Related news
- Patch Tuesday: Internet Explorer Vulnerabilities Still Pose a Problem (source)
- Malicious ads exploited Internet Explorer zero day to drop malware (source)
- Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 91 flaws (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 89 flaws (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-11 | CVE-2020-0674 | Use After Free vulnerability in Microsoft Internet Explorer 10/11/9 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. | 7.6 |