![]() Once patched, proof-of-concept code was also published on GitHub, and these vulnerabilities also quickly entered the arsenal of exploit kit developers. The JScript scripting engine is an old component that was initially included with Internet Explorer 3.0 in 1996 and was Microsoft's own dialect of the ECMAScript standard (the JavaScript language).ĭevelopment on the JScript engine ended, and the component was deprecated with the release of Internet Explorer 8.0 in 2009, but the engine remained in all Windows OS versions as a legacy component inside IE.Īcross the years, threat actors realized they could attack the JScript engine, as Microsoft wasn't actively developing it and only rarely shipped security updates, usually only when attacked by threat actors.ĬVE-2018-8653, CVE-2019-1367, CVE-2019-1429, and CVE-2020-0674 are some of the recent JScript zero-days that Microsoft had to deal with over the past three years.Īll were bugs exploited by nation-state actors, for which Microsoft had to hurry to ship patches. ![]() ![]() As part of the October 2020 Patch Tuesday security updates, Microsoft has added a new option to Windows to let system administrators disable the JScript component inside Internet Explorer. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |