Blogs & Stories

SpiderLabs Blog

Attracting more than a half-million annual readers, this is the security community's go-to destination for technical breakdowns of the latest threats, critical vulnerability disclosures and cutting-edge research.

Microsoft Internet Explorer Remote Code Execution 0-Day (CVE-2020-0674)

2020 is not starting out quietly for Microsoft, it seems. After the first Patch Tuesday of 2020 addressing a vulnerability in CryptoAPI last week, Microsoft released an advisory for an Internet Explorer 0-Day, assigned CVE-2020-0674, scheduled to be fixed in the upcoming Patch Tuesday.

This is another in a string of Remote Code Execution (RCE) vulnerabilities related to the Scripting Engine. Microsoft’s advisory covers mitigations that can be employed until the vulnerability is patched, so we recommend that you check it out. For Trustwave's Secure Web Gateway (SWG) customers: Fear not, SWG customers have been protected against attacks exploiting this CVE since Security Update 222 (released Jan 2019).