Microsoft has warned of a zero-day flaw in Internet Explorer which is being exploited in the wild by malicious parties.
“A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer,” explained Microsoft.
“The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user.”
The vulnerability affects Internet Explorer in Windows 7, 8.1, and 10.
Microsoft is working on a fix, but recommends that users use a workaround in the interim that will protect them against exploits.
To achieve this on a 64-bit device, users must enter the following into an elevated iteration of command prompt:
takeown /f %windir%\syswow64\jscript.dll
cacls %windir%\syswow64\jscript.dll /E /P everyone:N
takeown /f %windir%\system32\jscript.dll
cacls %windir%\system32\jscript.dll /E /P everyone:N
Then, once Microsoft makes a formal patch available, users can manually undo the workaround using the following:
cacls %windir%\system32\jscript.dll /E /R everyone
cacls %windir%\syswow64\jscript.dll /E /R everyone
The next scheduled patch for Windows is only set to take place on 11 February.