Spenser Jones

Micropatching the JScript 0-day vulnerability CVE-2020-0674

Just four days after the January 17th, 2020 discovery of a 0-day exploit affecting Internet Explorer's jscript.dll, 0patch have released their analysis of the vulnerable code, along with a micropatch for the 18 bytes that need to change to prevent IE from being able to load jscript.dll. 0patch is a company that works to quickly release micropatches for high-severity vulnerabilities, while we wait for the vendor to roll out a complete fix. It works by modifying the memory of vulnerable applications, instead of rewriting the executable itself, allowing patches to be immediately applied without a need for reboots, or the risk of corruption when applying the vendor fix. Now that Windows 7 and Windows Server 2008 have reached end-of-life, 0patch has also committed to provide security patches through to January 2023.

Additional Reading