Security News > 2020 > January > Unofficial Patch Released for Recently Disclosed Internet Explorer Zero-Day

Unofficial Patch Released for Recently Disclosed Internet Explorer Zero-Day
2020-01-22 12:20

ACROS Security's 0patch service on Tuesday released an unofficial fix for CVE-2020-0674, a recently disclosed vulnerability in Internet Explorer that has been exploited in targeted attacks.

Microsoft informed customers last Friday that Internet Explorer is affected by a zero-day vulnerability.

Microsoft has suggested that it might only fix CVE-2020-0674 with its February 2020 Patch Tuesday updates and in the meantime the company has shared a workaround that involves restricting access to jscript.

The company claims its patch implements the workaround recommended by Microsoft, but without having a negative impact on functionality.

The unofficial patch is available for the 32-bit and 64-bit versions of Windows 7, 10, Server 2008 and Server 2019.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/zY4JUy_mJBQ/unofficial-patch-released-recently-disclosed-internet-explorer-zero-day

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2020-02-11 CVE-2020-0674 Use After Free vulnerability in Microsoft Internet Explorer 10/11/9
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'.
network
high complexity
microsoft CWE-416
7.5