Menlo Security | Sep 25, 2019
Menlo Security customers are 100 percent protected against recent zero-day exploits in Internet Explorer. The vulnerabilities CVE-2019-1367 and CVE-2019-1255 are being actively exploited in limited attacks.
If you’re wondering what we’re talking about and guessed browser zero-days, then you’re absolutely right. Microsoft issued an out-of-band (OOB) patch for two critical vulnerabilities, CVE-2019-1367 and CVE-2019-1255, on 09/23/2019. Microsoft usually issues OOB patches when there is an indication that a vulnerability is being actively exploited by bad actors in the wild.
CVE-2019-1367 is a flaw in the scripting engine responsible for parsing and executing JavaScript in all Internet Explorer versions, which leaves unpatched Windows machines exposed to this zero-day vulnerability. It looks eerily similar to the flaw exploited in CVE-2018-8653. The mitigation provided by Microsoft for both these vulnerabilities is the same:
For 32-bit systems, enter the following commands at an administrative command prompt:
    takeown /f %windir%\system32\jscript.dll
    cacls %windir%\system32\jscript.dll /E /P everyone:N
For 64-bit systems, enter the following commands at an administrative command prompt:
    takeown /f %windir%\syswow64\jscript.dll
    cacls %windir%\syswow64\jscript.dll /E /P everyone:N
    takeown /f %windir%\system32\jscript.dll
    cacls %windir%\system32\jscript.dll /E /P everyone:N
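One way to verify that the workaround above is in place on a host, as an added PowerShell example that is not part of the original post or of Microsoft's advisory. It assumes the `everyone:N` setting appears as a Deny entry for Everyone (SID S-1-1-0); the function names are hypothetical.

```powershell
# Added example (not from the original post): audit the jscript.dll ACL workaround.
# Assumption: "everyone:N" shows up as a Deny ACE for Everyone (SID S-1-1-0).
$EveryoneSid = 'S-1-1-0'
$ReadExec    = [System.Security.AccessControl.FileSystemRights]::ReadAndExecute

function Get-JscriptPath {   # hypothetical helper: paths named in the workaround
    if (-not [Environment]::Is64BitOperatingSystem) {
        return @(Join-Path $env:windir 'system32\jscript.dll')
    }
    # A 32-bit shell on 64-bit Windows has system32 redirected to syswow64;
    # "sysnative" reaches the real 64-bit directory from such a process.
    $native = if ([Environment]::Is64BitProcess) { 'system32' } else { 'sysnative' }
    return @((Join-Path $env:windir "$native\jscript.dll"),
             (Join-Path $env:windir 'syswow64\jscript.dll'))
}

function Test-JscriptBlocked {   # hypothetical helper: one result object per path
    param([Parameter(Mandatory)][string]$Path)
    $result = [pscustomobject]@{ Path = $Path; Exists = $false; Blocked = $null }
    if (-not (Test-Path -LiteralPath $Path)) { return $result }
    $result.Exists = $true
    try {
        $acl = Get-Acl -LiteralPath $Path -ErrorAction Stop
    } catch {
        # Blocked stays $null (unknown), e.g. when this account cannot read the DACL.
        return $result
    }
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    $deny = @($rules | Where-Object {
        $_.IdentityReference.Value -eq $EveryoneSid -and
        $_.AccessControlType -eq 'Deny' -and
        ($_.FileSystemRights -band $ReadExec) -eq $ReadExec
    })
    $result.Blocked = ($deny.Count -gt 0)
    return $result
}

$results = Get-JscriptPath | ForEach-Object { Test-JscriptBlocked -Path $_ }
$results | Format-Table -AutoSize
if ($results | Where-Object { $_.Exists -and $_.Blocked -ne $true }) {
    Write-Warning 'jscript.dll is not confirmed blocked on every path.'
    exit 1
}
```

Run it from an elevated prompt as the account that took ownership of the file, since the file owner can always read the ACL; exit code 1 flags a host where the block could not be confirmed.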
Both attacks target jscript.dll, the script execution engine. jscript9.dll, the default JavaScript engine starting with IE9, is immune to this flaw, but jscript.dll is still used by IE for some websites. We speculate that attackers were able to trigger the use of jscript.dll on a site they either control or have infected. This is another reminder that browsers are a prime target and that bad actors are investing heavily in finding and exploiting browser vulnerabilities.
How does Menlo protect you? Customers using Menlo Isolation Secure Web Gateway to isolate all websites are completely protected from CVE-2019-1367 and any zero-day browser attack.
Menlo’s unique architectural approach executes webpages on isolated browsers in its cloud, and all active content (JavaScript, Flash) is fetched and executed there. Menlo then mirrors the rendered content to the end user’s machine using its patented technology, preventing attacks that exploit such vulnerabilities.
Menlo customers can rest easy – no need to go scrambling to patch browsers, as Menlo Security’s isolation completely thwarts this attack.
Menlo Labs is currently gathering more details and will update this blog as they emerge.
Check out the recommended strategy for Secure Web Access from Gartner and Magic Quadrant for Secure Web Gateway to see why Menlo continues to be the answer to security concerns.
Tagged with Isolation, RBI, Web Security