Sometimes fixing a security issue can lead to new problems. Microsoft is experiencing failures with the temporary fix of a recently found zero-day Internet Explorer vulnerability, as users and information security firms have reported that this workaround negatively affects Windows systems, leading to the crashing of the printing function in some machines.
A week ago, the company disclosed the existence of a zero-day remote code execution vulnerability in Internet Explorer 11, 10, and 9, tracked as CVE-2020-0674. If exploited, the flaw would allow hackers to create a specially crafted website to execute commands remotely on the target system. The flaw was being exploited in the wild, although the company claims that exploitation cases are small.
Because there are no updates available yet, the company released a workaround that requires changing the owner of %windir%-system32-jscript.dll and denying access to the file for the Everyone group. It should be noted that Microsoft had already warned that this method might affect some features that depend on the jscript.dll file.
Unfortunately, the errors generated by this workaround are greater than expected. Soon after, multiple users who implemented the temporary fix reported malfunctions in the operation of their USB printers from HP and other manufacturers, information security experts mentioned.
In general, when users tried to print a document, the machine responded with input & output errors, so the printing process was not completed. According to information security experts, in addition to the printer-related issue, this temporary fix can also lead to other flaws, such as:
- Windows Media player crashes when trying to play MP4 files
- SFC (Resource Checker), a tool that scans the integrity of all protected system files and replaces incorrect versions with the correct versions of Microsoft, collapses into jscript.dll with altered permissions
- Automatic proxy configuration scripts (PAC scripts) may not work
Some security firms have developed temporary patches to fix the flaw without experiencing these issues. If you do not want to install a third-party developer patch, the International Institute of Cyber Security (IICS) recommends removing the fix and waiting for the release of the full Microsoft patch.
To remove the fix:
For 32-bit systems, enter the following command at the admin command prompt:
cacls %windir%-system32-jscript.dll /E/R everyone
For 64-bit systems, enter the following command at the admin command prompt:
cacls %windir%-system32-jscript.dll /E/R everyone
cacls %windir%syswow64jscript.dll /E /R everyone
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.