Internet Explorer 9 thru 11 vulnerable
On January 17th of this year (2020), Microsoft discovered and disclosed the existence of a zero-day vulnerability. It was present in Internet Explorer versions 9 through 11. Hackers could display specially crafted websites that would allow them to remotely execute commands on a site visitor's computer without their knowledge. That is if they browsed the page using any of the above-mentioned versions.
Microsoft is still working on a permanent solution to the problem. As a stopgap, they released a temporary fix that involved changing the owner of a certain problematic .dll file (jscript.dll) and denying access to that file for the "Everyone" group. Unfortunately, that temporary solution created new problems.
Microsoft outlined the new issues as follows
"Implementing these steps might result in reduced functionality for components or features that rely on jscript.dll. For example, depending on the environment, this could include client configurations that leverage proxy automatic configuration scripts (PAC scrips). These features and others may be impacted."
The "fix" caused more problems than it fixed
As more and more people have downloaded the temporary fix, it has come to light that the scope of the issues caused by it is far greater than originally anticipated. A growing number of users are reporting that post-fix-installation, they're unable to print using HP and other USB connected printers, receiving an I/O error when a print command is issued.
Other users are reporting that MP4 files can't play on Windows Media Player and that printing to a Microsoft PDF file has stopped working after the temporary fix was applied.
Our perspective
The main point is that there are no good solutions here. If you decide to run without the temporary patch, then you risk having your PC taken over if you happen to visit the wrong site. If you patch, you may lose other functionality you rely on. Sadly, Microsoft has no ETA on when a permanent fix might be available, so you'll have to weigh the risks and your options carefully.
~ As Hill Street Blues' Sgt. Esterhaus always advised: "Hey, let's be careful out there! " ~
Meanwhile, check out this report
This free executive report may give you insights into how to build your business with safe IT environments: 10 Hidden IT Risks That Might Threaten Your Business and 1 Easy Way to Find Them
The author
Thanks for reading this short post. For more tips on thriving with small business technology, check out the other blog posts at DWPia Blogs. I am also available on LinkedIn, Facebook, and Twitter.
I am Denis Wilson, President and Principal Consultant for DWP Information Architects. I help professionals grow their business by building a foundation of rock-solid information solutions for smaller healthcare, insurance, financial, legal, and nonprofits firms in Ventura County and San Fernando Valley. And have created cost-effective IT solutions, for over 20 years, specializing in cybersecurity and regulatory compliance. I am also a published author and speaker, working extensively with a variety of organizations, as well as providing small business technology education programs through business and professional associations. This just in: I will be speaking regularly at California Lutheran University's Center for Nonprofit Leadership starting in September.
Contact me if you would like me to speak at your association.
