North Korean hackers attacking laptops with Internet Explorer flaw: What to do
The vulnerability has been exploited in the wild
North Korean hackers seem to be exploiting a zero-day flaw in Internet Explorer, and Microsoft doesn't have an answer.
We strongly recommend you stop using Internet Explorer immediately. If you favor Microsoft software, download the new Edge browser. Not only is it protected from this vulnerability, but Edge offers a much better browsing experience than IE. Chrome and Firefox are also safe to use.
If you need Microsoft's outdated browser, then our friends over at Tom's Guide recommend using a limited-user account that can't modify any software.
Microsoft's next Patch Tuesday isn't slated until Feb 11, so it could be weeks before we see a fix.
Microsoft discloses vulnerability
Microsoft disclosed the vulnerability on Jan 17, posting an advisory that describes the flaw as one that could corrupt memory in a way that lets attackers "execute arbitrary code." When exploited, the attacker would have the same full access to the computer as a legitimate user.
"In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website, for example, by sending an email," the advisory states.
If the attacker gains admin user rights then they could take control of the system and install programs, delete data or create new accounts.
Not every deal is worth a squeal. Get only the good stuff from us.
The deal scientists at Laptop Mag won't direct you to measly discounts. We ensure you'll only get the laptop and tech sales that are worth shouting about -- delivered directly to your inbox this holiday season.
Possible ties to North Korea
What makes this vulnerability particularly frightening is that it could have ties to North Korean hackers.
As Tom's Guide points out, this flaw appears to be related to one that went after Mozilla Firefox. Researchers at Qihoo 360 who found the flaw quickly removed a tweet claiming that IE was also affected.
A later blog post from Qihoo 360 pinned the IE attack on the North Korean hacking group DarkHotel, which is known for tracking the movements of high-profile business travelers. Microsoft has not confirmed whether the zero-day is linked to North Korean hackers or otherwise, but the company marked the flaw as "critical."
Before Microsoft disclosed the vulnerability, it was discovered by a division of Homeland Security called CERT/CC. In an advisory, the branch said that IE's JScript component contains an "unspecified memory corruption vulnerability" and that all apps supporting this component could be "used as an attack vector." CERT/CC also said it detected exploits in the wild.
What you can do to protect IE
There is no official patch that fixes the vulnerability but Microsoft posted some workarounds to reduce your risk.
You should only take these precautions if you're a high-risk target as they could reduce the functionality of features that rely on jscript.dll.
Here are the steps for 32-bit Windows systems:
1. Open the admin command prompt.
2. Enter the following prompt in order:
takeown /f %windir%\system32\jscript.dll
cacls %windir%\system32\jscript.dll /E /P everyone:
3. Add these two lines if you're a 64-bit Windows user.
takeown /f %windir%\syswow64\jscript.dll
cacls %windir%\syswow64\jscript.dll /E /P everyone:N
Phillip Tracy is the assistant managing editor at Laptop Mag where he reviews laptops, phones and other gadgets while covering the latest industry news. After graduating with a journalism degree from the University of Texas at Austin, Phillip became a tech reporter at the Daily Dot. There, he wrote reviews for a range of gadgets and covered everything from social media trends to cybersecurity. Prior to that, he wrote for RCR Wireless News covering 5G and IoT. When he's not tinkering with devices, you can find Phillip playing video games, reading, traveling or watching soccer.