Security News > 2020 > January > Unofficial Patch Released for Recently Disclosed Internet Explorer Zero-Day
ACROS Security's 0patch service on Tuesday released an unofficial fix for CVE-2020-0674, a recently disclosed vulnerability in Internet Explorer that has been exploited in targeted attacks.
Microsoft informed customers last Friday that Internet Explorer is affected by a zero-day vulnerability.
Microsoft has suggested that it might only fix CVE-2020-0674 with its February 2020 Patch Tuesday updates and in the meantime the company has shared a workaround that involves restricting access to jscript.
The company claims its patch implements the workaround recommended by Microsoft, but without having a negative impact on functionality.
The unofficial patch is available for the 32-bit and 64-bit versions of Windows 7, 10, Server 2008 and Server 2019.
News URL
Related news
- Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws (source)
- Week in review: Exploited Ivanti Connect Secure zero-day, Patch Tuesday forecast (source)
- Microsoft January 2025 Patch Tuesday fixes 8 zero-days, 159 flaws (source)
- Patch procrastination leaves 50,000 Fortinet firewalls vulnerable to zero-day (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-11 | CVE-2020-0674 | Use After Free vulnerability in Microsoft Internet Explorer 10/11/9 A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. | 7.5 |