Priority: High

Executive Summary: Microsoft have released an emergency security update for Internet Explorer following the discovery of a remote code execution vulnerability in the product [1]. The vulnerability, which is known to affect at least versions 9-11 of Internet Explorer, is caused by an issue in how the web browser’s scripting engine handles objects in memory. An attacker could design a website which would exploit the vulnerability when a user browses to it using Internet Explorer, compromising the visitor’s machine. The attacker would have the level of permissions of the user, meaning that if they are an administrator, the attacker would gain full access over the machine.

The vulnerability has been designated the MITRE vulnerability code CVE-2019-1367. The security flaw was discovered by a researcher at the Google Threat Analysis Group, and there are no known cases of the vulnerability being exploited in the wild.

Detect: Any versions of Internet Explorer, at least between 9-11, which have not already been updated will be affected by this vulnerability.
ITC customers who are subscribed to the ITC-VI service can request a scan to identify affected devices.

Affected Products: Please see Appendix A (or visit Source 1) to see the list of affected products, platforms, impacts and severities provided by Microsoft.

Prevent: Microsoft have released security updates for affected Internet Explorer products 9-11, for each platform that they run on. Applying these updates will prevent against devices being susceptible to this attack vector.

There is a mitigation for Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016 and Windows Server 2019 instances of Internet Explorer, as these run in a restricted ‘Enhanced Security Configuration’ mode by fault. This mode can help to prevent a user unwittingly running malicious content from a web server.

It is also possible to perform a workaround by restricting access to Jscript.dll. This workaround can result in reduced functionality for any systems which use jscript.dll. Note that the mitigation steps must be reverted before security updates can be applied, which means that the workaround is unlikely to be deemed a worthwhile alternative to updating in the majority of cases. Please refer to Source 1 for an explanation of how to restrict access to jscript.dll.

React: The appropriate security updates should be applied to all affected systems as soon as possible.