Microsoft Warns of Unpatched IE Browser Zero Day That's Under Active Attacks

  • NIC-CERT/2020-01/189
  • Date: 2020-01-20

1. Microsoft Warns of Unpatched IE Browser Zero-Day That's Under Active Attacks

Microsoft earlier today issued an emergency security advisory warning millions of Windows users of a new zero-day vulnerability in the Internet Explorer (IE) browser that attackers are actively exploiting in the wild — and there is no patch yet available for it.

The vulnerability, tracked as CVE-2020-0674 and rated moderate, is a remote code execution issue that exists in the way Internet Explorer's scripting engine handles objects in memory and is triggered through the JScript.dll library.

A remote attacker can execute arbitrary code on targeted computers and take full control over them just by convincing victims to open a maliciously crafted web page in the vulnerable Microsoft browser.

2. Update Windows 10 Immediately to Patch a Flaw Discovered by the NSA

Microsoft has now also published its January security advisories warning billions of users of 49 new vulnerabilities in its various products.

What's so special about the latest Patch Tuesday is that one of the updates fixes a serious flaw in the core cryptographic component of widely used Windows 10, Server 2016 and 2019 editions that was discovered and reported to the company by the National Security Agency (NSA) of the United States.

What's more interesting is that this is the first security flaw in Windows OS that the NSA reported responsibly to Microsoft, unlike the EternalBlue SMB flaw, which the agency kept secret for at least five years and which was then leaked to the public by a mysterious group, leading to the WannaCry menace in 2017.


3. Adobe Releases First 2020 Patch Tuesday Software Updates

Adobe has released software updates to patch a total of 9 new security vulnerabilities in two of its widely used applications, Adobe Experience Manager and Adobe Illustrator.

It's the first Patch Tuesday for the year 2020 and one of the lightest patch releases in a long time for Adobe users.

Moreover, none of the security vulnerabilities patched this month were either publicly disclosed or found being actively exploited in the wild.


4. PoC Exploits Released for Citrix ADC and Gateway RCE Vulnerability

It's now or never to prevent your enterprise servers running vulnerable versions of Citrix application delivery, load balancing, and Gateway solutions from getting hacked by remote attackers.

Why the urgency? Earlier today, multiple groups publicly released weaponized proof-of-concept exploit code [1, 2] for a recently disclosed remote code execution vulnerability in Citrix's NetScaler ADC and Gateway products that could allow anyone to leverage them to take full control over potential enterprise targets.

Just before the last Christmas and year-end holidays, Citrix announced that its Citrix Application Delivery Controller (ADC) and Citrix Gateway are vulnerable to a critical path traversal flaw (CVE-2019-19781) that could allow an unauthenticated attacker to perform arbitrary code execution on vulnerable servers.


5. Google Play Store Apps Exploit Android Zero-Day Used by NSO Group

Watch out! If you have any of the below-mentioned file managers and photography apps installed on your Android phone—even if downloaded from the official Google Play Store—you have been hacked and are being tracked.

These newly detected malicious Android apps are Camero, FileCrypt, and callCam, which are believed to be linked to Sidewinder APT, a sophisticated hacking group specializing in cyber espionage attacks.

According to cybersecurity researchers at Trend Micro, these apps were exploiting a critical use-after-free vulnerability in Android at least since March last year—that's 7 months before the same flaw was first discovered as a zero-day when a Google researcher analysed a separate attack developed by Israeli surveillance vendor NSO Group.


6. Are You Ready for Microsoft Windows 7 End of Support on 14th January 2020?

January 14, 2020, is a day cybersecurity stakeholders should pay attention to, as it marks the end of Microsoft support for Windows 7.

From a security perspective, both the routine monthly security patches as well as hotfixes for attacks in the wild will not be available, effectively making any newly discovered vulnerability a Windows 7 zero-day.

Cynet 360 autonomous breach protection is a good example of a multilayered advanced protection solution that can enable organizations who run Windows 7 to remain secure despite the end of support.

Let's dig a bit deeper to understand the risk. The reality is that all software contains bugs. Ideally, these bugs are discovered during the development process. In practice, many of them surface only following the product release in the course of their interactions with real users.

Bugs that can be exploited for malicious purposes are called vulnerabilities. Microsoft conducts rigorous and ongoing research to discover and fix such vulnerabilities.

Every second (or sometimes fourth) Tuesday of the calendar month, Microsoft releases these fixes, also known as patches. Once these patches are installed, the machine is 100% protected from the exploitation of these vulnerabilities. However, this protection will no longer apply to machines that run Windows 7, starting on January 14, 2020.