Menlo Security customers are 100 percent protected against recent zero-day exploits in Internet Explorer. The exploits CVE-2019-1367 and CVE-2019-1255 are being actively used in limited attacks.
If you're wondering what we're talking about and guessed browser zero-days, then you're absolutely right. Microsoft issued an OOB patch for two critical vulnerabilities -CVE-2019-1367 and CVE-2019-1255 - on 09/23/2019. OOB patches are usually issued by Microsoft when there is an indication that a vulnerability is being actively exploited by bad actors in the wild.
For 32-bit systems, enter the following command at an administrative command prompt:
takeown /f %windir%system32jscript.dllcacls %windir%system32jscript.dll /E /P everyone:N
For 64-bit systems, enter the following command at an administrative command prompt:
takeown /f %windir%syswow64jscript.dllcacls %windir%syswow64jscript.dll /E /P everyone:Ntakeown /f %windir%system32jscript.dllcacls %windir%system32jscript.dll /E /P everyone:N
How does Menlo protect you?
Menlo customers can rest easy - no need to go scrambling to patch browsers, as Menlo Security’s isolation completely thwarts this attack.
Menlo Labs is currently gathering more details and will update this blog when more details emerge.