
North Korean hackers attacking laptops with Internet Explorer flaw: What to do


North Korean hackers seem to be exploiting a zero-day flaw in Internet Explorer, and Microsoft doesn't have an answer. 

We strongly recommend you stop using Internet Explorer immediately. If you favor Microsoft software, download the new Edge browser. Not only is it protected from this vulnerability, but Edge offers a much better browsing experience than IE. Chrome and Firefox are also safe to use. 

If you need Microsoft's outdated browser, then our friends over at Tom's Guide recommend using a limited-user account that can't modify any software. 

Microsoft's next Patch Tuesday isn't slated until Feb 11, so it could be weeks before we see a fix. 

Microsoft discloses vulnerability 

Microsoft disclosed the vulnerability on Jan 17, posting an advisory that describes the flaw as one that could corrupt memory in a way that lets attackers "execute arbitrary code." If the flaw is exploited, the attacker would have the same full access to the computer as a legitimate user.

"In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website, for example, by sending an email," the advisory states.

If the attacker gains admin user rights, they could take control of the system and install programs, delete data or create new accounts.

Possible ties to North Korea

What makes this vulnerability particularly frightening is that it could have ties to North Korean hackers. 

As Tom's Guide points out, this flaw appears to be related to one that went after Mozilla Firefox. Researchers at Qihoo 360 who found the flaw quickly removed a tweet claiming that IE was also affected.

A later blog post from Qihoo 360 pinned the IE attack on the North Korean hacking group DarkHotel, which is known for tracking the movements of high-profile business travelers. Microsoft has not confirmed whether the zero-day is linked to North Korean hackers or otherwise, but the company marked the flaw as "critical." 

Before Microsoft disclosed the vulnerability, it was discovered by a division of Homeland Security called CERT/CC. In an advisory, the branch said that IE's JScript component contains an "unspecified memory corruption vulnerability" and that all apps supporting this component could be "used as an attack vector." CERT/CC also said it detected exploits in the wild. 

What you can do to protect IE

There is no official patch that fixes the vulnerability, but Microsoft posted some workarounds to reduce your risk.

You should only take these precautions if you're a high-risk target, as they could reduce the functionality of features that rely on jscript.dll.

Here are the steps for 32-bit Windows systems:

1. Open an administrator command prompt.

2. Enter the following commands in order:

takeown /f %windir%\system32\jscript.dll

cacls %windir%\system32\jscript.dll /E /P everyone:N

3. If you're on 64-bit Windows, also run these two commands:

takeown /f %windir%\syswow64\jscript.dll

cacls %windir%\syswow64\jscript.dll /E /P everyone:N
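
To confirm the workaround took effect, the PowerShell check below reports whether each copy of jscript.dll carries a deny entry for Everyone. It is an added example, not part of the article or Microsoft's advisory; it assumes the cacls command above shows up as a Deny entry for the Everyone SID, and the function name Get-JscriptLockdownState is made up for this example.

```powershell
# Added example: read-only check of the jscript.dll workaround. Changes nothing.
# Assumption: "cacls ... /E /P everyone:N" appears as a Deny ACE for Everyone.

$EveryoneSid = 'S-1-1-0'   # well-known SID for Everyone (name is localized, SID is not)

# Paths from the steps above; syswow64 exists only on 64-bit Windows.
$targets = @(
    (Join-Path $env:windir 'system32\jscript.dll'),
    (Join-Path $env:windir 'syswow64\jscript.dll')
)

function Get-JscriptLockdownState {
    param([string[]]$Path)
    foreach ($p in $Path) {
        $row = [ordered]@{ Path = $p; Owner = $null; EveryoneDenied = $null; State = $null }
        if (-not (Test-Path -LiteralPath $p)) {
            $row.State = 'file not present'
        } else {
            try {
                $acl = Get-Acl -LiteralPath $p -ErrorAction Stop
                # Explicit and inherited rules, with identities returned as SIDs.
                $rules = $acl.GetAccessRules($true, $true,
                    [System.Security.Principal.SecurityIdentifier])
                $deny = @($rules | Where-Object {
                    $_.IdentityReference.Value -eq $EveryoneSid -and
                    $_.AccessControlType -eq 'Deny'
                })
                $row.Owner = $acl.Owner
                $row.EveryoneDenied = ($deny.Count -gt 0)
                $row.State = if ($deny.Count -gt 0) { 'workaround applied' }
                             else { 'workaround NOT applied' }
            } catch {
                # Once Everyone is denied, accounts other than the file's owner
                # may be unable to read the ACL at all.
                $row.State = 'ACL unreadable: ' + $_.Exception.Message
            }
        }
        [pscustomobject]$row
    }
}

Get-JscriptLockdownState -Path $targets | Format-Table -AutoSize
```

Run it from the same administrator account that applied the workaround, and from a 64-bit PowerShell session on 64-bit Windows so that the system32 path is not redirected to syswow64.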