Try our new Certificate Revocation List Check Tool
CRLcheck.exe is a tool developed to verify digital signatures of executable files. It collects files from known paths on your client, checks their signature, and checks Certificate Revocation Lists (CRL) and OCSP download. This helps avoid delays in launching files.
Category published:  Deployment GPO | Gruppenrichtlinien   Click on the Category button to get more articles regarding that product.

IE11 leak in jscript.dll CVE-2018-8653 XMAS Hotfix

Posted by admin on 22.12.2018

Microsoft Internet Explorer scripting engine JScript memory corruption vulnerability

The Leak was patched back in 2015 for jscript9.dll which is by default used by IE11. We HIGHLY recommend this patch

to urgently get installed intermin beside regular patch days and before XMAS. Esp. In Europe (Germany, Switzerland, EMEA) we have has a large amount

of Personalized Ransomware E-Mail which used that leak finally. The E-Mail did drop through most enterprise SPAM Filters like Fortigate Fortimail, Fortigate Sandbox, Mcafee ATD, Mcafee MSFE Exchange and most of the TUX Spam Filters.

https://support.microsoft.com/de-ch/help/3034196/ms15-009-description-of-the-security-update-for-jscript9-dll-in-intern

Veröffentlichungsdatum: 19. Dezember 2018

Version: OS Build 17763.195

https://support.microsoft.com/de-ch/help/4483235/december192018kb4483235osbuild17763195

Now if you tell the host to use jscript.dll (Patched 19.12.2018) and not jscript9.dll (patched 2015 and again on 15.12.2018) than it will use the UNPATCHED DLL. The patch this week is for the jscript.dll which Microsoft did not want to patch in that form because they were unsure if third party will us the dll in that form. (As I understood) Or forgot?

Download the Patches:

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-8653

Workaround if you are not able to install the patch:

32-bit systems:

takeown /f %windir%\system32\jscript.dll

cacls %windir%\system32\jscript.dll /E /P everyone:N

64-bit systems:

takeown /f %windir%\syswow64\jscript.dll

cacls %windir%\syswow64\jscript.dll /E /P everyone:N

takeown /f %windir%\system32\jscript.dll

cacls %windir%\system32\jscript.dll /E /P everyone:N

Affected:

Server 2008/2008R2/2012/2012R2/2016/2019

Most of clients OS

Some KB:

2018-12 Kumulatives Update für Windows 10 Version 1809 für ARM64-basierte Systeme (KB4483235), Windows 10

2018-12 Kumulatives Update für Windows 10 Version 1809 für x86-basierte Systeme (KB4483235) , Windows 10

2018-12 Kumulatives Update für Windows Server 2019 für x64-basierte Systeme (KB4483235) , Windows Server 2019

2018-12 Kumulatives Update für Windows 10 Version 1809 für x64-basierte Systeme (KB4483235) , Windows 10


 Category published:  Deployment GPO | Gruppenrichtlinien   Click on the Category button to get more articles regarding that product.

Related Post

Crowdstrike Falcon, BSOD, VMWARE Server Recovery DEU

Proxy settings der Cryptography API bei Zertifikatswiderrufslisten (CRL) von einem CRL-Verteilungspunkt

Certutil.exe –url –urlcache how to use and freeware GUI crl check to automate CRL verify

Template theme: Newsup by Themeansar (External Link, you will leave www.butsch.ch).