Why ANY Web browser is still not safe

Menlo Security customers are 100 percent protected against recent zero-day exploits in Internet Explorer. The exploits CVE-2019-1367 and CVE-2019-1255 are being actively used in limited attacks.

Chrome, Firefox, Apple iOS and now Internet Explorer…

If you’re wondering what we’re talking about and guessed browser zero-days, then you’re absolutely right. Microsoft issued an OOB patch for two critical vulnerabilities -CVE-2019-1367 and CVE-2019-1255 – on 09/23/2019. OOB patches are usually issued by Microsoft when there is an indication that a vulnerability is being actively exploited by bad actors in the wild.

CVE-2019-1367 is a flaw in the scripting engine responsible for parsing and executing JavaScript in all Internet Explorer versions, resulting in unpatched Windows machines being exposed to this zero-day vulnerability. It looks eerily similar to the flaw exploited in CVE-2018-8653. The mitigation provided by Microsoft for both these vulnerabilities is the same:

For 32-bit systems, enter the following command at an administrative command prompt:
takeown /f %windir%system32jscript.dll
cacls %windir%system32jscript.dll /E /P everyone:N

For 64-bit systems, enter the following command at an administrative command prompt:
takeown /f %windir%syswow64jscript.dll
cacls %windir%syswow64jscript.dll /E /P everyone:N
takeown /f %windir%system32jscript.dll
cacls %windir%system32jscript.dll /E /P everyone:N

Both attacks are targeting jscript.dll, the script execution engine. jscript9.dll, the default JavaScript engine starting with IE9, is immune to this flaw, but jscript.dll is still used by IE for some websites. We speculate that attackers were able to trigger the use of jscript.dll on a site they either control or infected. This is another reminder that browsers are a prime target and that bad actors are investing heavily in finding and exploiting browser vulnerabilities.

How does Menlo protect you?
Customers using Menlo Isolation Secure Web Gateway to isolate all websites are completely protected from CVE-2019-1367 and any zero-day browser attack.

Menlo’s unique architectural approach executes webpages on isolated browsers in its cloud, and all active content (JavaScript, Flash) is fetched and executed there. Menlo then mirrors the rendered content to the end user’s machine using its patented technology, preventing attacks that exploit such vulnerabilities.

Menlo customers can rest easy – no need to go scrambling to patch browsers, as Menlo Security’s isolation completely thwarts this attack.

Menlo Labs is currently gathering more details and will update this blog when more details emerge.

Check out the recommended strategy for Secure Web Access from Gartner and Magic Quadrant for Secure Web Gateway to see why Menlo continues to be the answer to security concerns.