Service Notices

All Notices > Security Notices > Internet Explorer Remote Code Execution Vulnerability (CVE-2020-0674)

Internet Explorer Remote Code Execution Vulnerability (CVE-2020-0674)

Mar 10, 2020 GMT+08:00

I. Overview

An Internet Explorer remote code execution vulnerability (CVE-2020-0674) has been disclosed and fixed in the patch released in February by Microsoft. The vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. An attacker who successfully exploited the vulnerability could implement remote code execution.

If you are a Windows OS user, check your system and implement timely security hardening.

Reference link:

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV200001

II. Severity

Severity: important

(Severity: low, moderate, important, and critical)

III. Affected Products

Affected versions:

Product

Windows Version

Internet Explorer   9

Windows Server   2008 x64/x32 sp2

Internet Explorer   10

Windows Server   2012

Internet Explorer   11

Windows 7 x64/x32   sp1

Internet Explorer   11

Windows 8.1   x64/x32

Internet Explorer   11

Windows RT 8.1

Internet Explorer   11

Windows 10   x64/x32

Internet Explorer   11

Windows 10   Version 1607 x64/x32

Internet Explorer   11

Windows 10   Version 1709 x64/x32/arm64

Internet Explorer   11

Windows 10   Version 1803 x64/x32/arm64

Internet Explorer   11

Windows 10   Version 1809 x64/x32/arm64

Internet Explorer   11

Windows 10   Version 1903 x64/x32/arm64

Internet Explorer   11

Windows 10   Version 1909 x64/x32/arm64

Internet Explorer   11

Windows Server   2008 R2 x64 sp1

Internet Explorer   11

Windows Server   2012

Internet Explorer   11

Windows Server   2012 R2

Internet Explorer   11

Windows Server   2016

Internet Explorer   11

Windows Server   2019

IV. Vulnerability Handling

This vulnerability has been fixed in the official patch released in February. Upgrade your system using the patch.

Workaround:

Disable JScript.dll. However, it may affect pages that depend on JavaScript. Exercise caution when performing this operation.

Note: Before fixing vulnerabilities, back up your files and conduct a thorough test.