Skip to main content
IT Community Partnerships Indiana University

Internet Explorer Zero-Day Remote Code Execution Vulnerability

Posted on by mkleine

IT Professionals:

The University Information Security Office would like to make you aware of the following security bulletin of a Zero-Day vulnerability in Internet Explorer.

A new, unpatched, zero-day remote code execution vulnerability has been found in Internet Explorer [1].  This critical vulnerability can allow an attacker to execute arbitrary code giving them the same rights as the currently logged in user.  We are not aware of any attacks targeting IU, however, limited exploitation has occurred in the wild [2] and it is only a matter of time until we observe local attempts at exploitation.

While no patches are available, Microsoft has provided a workaround which mitigates this vulnerability [3].  If you do not need Internet Explorer, the recommended course of action is to disable it from running.  If you have a business use for Internet Explorer, you are advised to immediately apply the workaround until Microsoft releases a patch.  Please be sure to adequately test these solutions before broad deployment to prevent potential negative impacts for your users.

Thanks for your immediate attention to this issue.

–IT Community Partnerships on behalf of the University Information Security Office

[1] Microsoft Internet Explorer Scripting Engine memory corruption vulnerability https://kb.cert.org/vuls/id/338824/
[2] Zero-Day Remote Code Execution Vulnerability in Internet Explorer Has Been Observed in Attacks https://www.tenable.com/blog/cve-2020-0674-internet-explorer-remote-code-execution-vulnerability-exploited-in-the-wild
[3] ADV200001 Guidance on Scripting Engine Memory Corruption Vulnerability https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV200001

~~~~~ Today’s IT Pro Tip ~~~~~

Yoga, Ice Hockey, Crafting, Live Music; What is your pleasure?  Make plans to attend the 2020 UITS Engagement Expo, hosted by IT Community Partnerships, on Tuesday, February 4, 10am-2pm in the Wrubel Commons, IU Bloomington.  The event is your opportunity to explore and join existing or new employee groups, clubs or committees led by UITS.  Live music back by popular demand; Margaret Tratta will play guitar and sing and Julie Songer will debut playing the electric violin and fiddle throughout the event.  Email TALK2UITS@IU.edu with questions.

Skip to toolbar