Hello, welcome to the Monday, January 20th, 2020 edition of the Sandcent, Storm Center's Stormcast.

My name is Johannes Ulrich, and I'm recording from Jacksonville, Florida.

Well, on Friday, you may have been too busy dealing with Microsoft's patch Tuesday, all of those good remote desktop gateway issues,

and of course the signature problem to notice that Microsoft published another security advisory

with warning that there is a memory corruption issue in Microsoft's scripting engine that's

currently actively being exploited.

Microsoft scripting engine, of course, that's JavaScript, and with that, browsers are affected

by this according to the advisory.

Everything going back to Internet Explorer 9 on Windows Server 2008 is affected.

I don't see Windows 7 listed here, but remember this bulletin was released after the Windows

7 expiration date.

So no surprise to not have it listed here and I would almost expect it to be vulnerable.

Now Microsoft's workaround here is to essentially remove access to JScript.DL.

When I saw this first I thought, well, that's not really going to work in any

practical system. Sounds like you're turning off JavaScript. Well, it turns out that's actually

not quite true. The affected browsers usually use J-Crypt9. DLL, which is not affected, not JScript.t.l.

So J-Script. dlll is only used in certain circumstances.

It's a little bit hard to predict what's going to happen if you do disable J-script.tl, but

well, it's always a lot of fun to debug things like this on production system so just go ahead

And of course the other vulnerability that we are tracking is CVE 2020 0601 or curveball now a couple of people reported that

Virus Total shows a number of no actual malware being

delivered with fake signatures.

...