Webinar:
The Next Generation of Enterprise Browser Security
Icon Rounded Closed - BRIX Templates

Why ANY Web browser is still not safe

Menlo Security
|
September 23, 2019
linkedin logotwitter/x logofacebook logoSocial share icon via eMail

Menlo Security customers are 100 percent protected against recent zero-day exploits in Internet Explorer. The exploits CVE-2019-1367 and CVE-2019-1255 are being actively used in limited attacks.

Chrome, Firefox, Apple iOS and now Internet Explorer...

If you're wondering what we're talking about and guessed browser zero-days, then you're absolutely right. Microsoft issued an OOB patch for two critical vulnerabilities -CVE-2019-1367 and CVE-2019-1255 - on 09/23/2019. OOB patches are usually issued by Microsoft when there is an indication that a vulnerability is being actively exploited by bad actors in the wild.

CVE-2019-1367 is a flaw in the scripting engine responsible for parsing and executing JavaScript in all Internet Explorer versions, resulting in unpatched Windows machines being exposed to this zero-day vulnerability. It looks eerily similar to the flaw exploited in CVE-2018-8653. The mitigation provided by Microsoft for both these vulnerabilities is the same:

For 32-bit systems, enter the following command at an administrative command prompt:

takeown /f %windir%system32jscript.dllcacls %windir%system32jscript.dll /E /P everyone:N

For 64-bit systems, enter the following command at an administrative command prompt:

takeown /f %windir%syswow64jscript.dllcacls %windir%syswow64jscript.dll /E /P everyone:Ntakeown /f %windir%system32jscript.dllcacls %windir%system32jscript.dll /E /P everyone:N

Both attacks are targeting jscript.dll, the script execution engine. jscript9.dll, the default JavaScript engine starting with IE9, is immune to this flaw, but jscript.dll is still used by IE for some websites. We speculate that attackers were able to trigger the use of jscript.dll on a site they either control or infected. This is another reminder that browsers are a prime target and that bad actors are investing heavily in finding and exploiting browser vulnerabilities.

How does Menlo protect you?

Customers using Menlo Isolation Secure Web Gateway to isolate all websites are completely protected from CVE-2019-1367 and any zero-day browser attack.Menlo’s unique architectural approach executes webpages on isolated browsers in its cloud, and all active content (JavaScript, Flash) is fetched and executed there. Menlo then mirrors the rendered content to the end user's machine using its patented technology, preventing attacks that exploit such vulnerabilities.

Menlo customers can rest easy - no need to go scrambling to patch browsers, as Menlo Security’s isolation completely thwarts this attack.

Menlo Labs is currently gathering more details and will update this blog when more details emerge.

Check out the recommended strategy for Secure Web Access from Gartner andMagic Quadrant for Secure Web Gatewayto see why Menlo continues to be the answer to security concerns.