Microsoft's temporary fix for a recently disclosed Internet Explorer zero-day vulnerability is causing numerous problems in Windows, including breaking printing for some users.
On January 17th, 2020, Microsoft disclosed a zero-day remote code execution vulnerability in Internet Explorer 11, 10, and 9 that was being used in "limited targeted attacks".
To exploit this vulnerability, attackers can create a specially crafted web site that when visited in Internet Explorer will remotely execute commands on the visitor's computer without their knowledge or permission.
As no update is available yet, Microsoft released a temporary fix that involves changing the owner of the %windir%\system32\jscript.dll and denying access to the file for the Everyone group.
Fix causes problems printing in Windows
As part of this advisory, Microsoft stated that the fix for the Internet Explorer CVE-2020-0674 vulnerability could affect features that rely on the jscript.dll file.
"Implementing these steps might result in reduced functionality for components or features that rely on jscript.dll. For example, depending on the environment, this could include client configurations that leverage proxy automatic configuration scripts (PAC scripts). These features and others may be impacted."
Unfortunately, the scope of issues being caused by applying this fix is greater than originally thought.
Since applying this fix, many users have reported that this fix is also causing printing to fail on HP printers and other USB printers.
When users attempt to print they receive I/O errors and the print jobs fail.
In addition to the print issues, 0patch discovered that Microsoft's mitigation also caused the following issues:
- Windows Media Player is reported to break on playing MP4 files.
- The sfc (Resource Checker), a tool that scans the integrity of all protected system files and replaces incorrect versions with correct Microsoft versions, chokes on jscript.dll with altered permissions.
- Printing to "Microsoft Print to PDF" is reported to break.
- Proxy automatic configuration scripts (PAC scripts) may not work.
If you are affected by these issues, 0patch has released a micropatch that can be used to fix this vulnerability without the negative side-effects described above.
If you do not wish to install a third-party update, you can remove Microsoft's fix until a security update for the vulnerability is released. This, though, will cause Internet Explorer to become vulnerable to remote attacks.
To remove the fix on 32-bit systems, enter the following command at an administrative command prompt:
cacls %windir%\system32\jscript.dll /E /R everyone
For 64-bit systems, enter the following command at an administrative command prompt:
cacls %windir%\system32\jscript.dll /E /R everyone
cacls %windir%\syswow64\jscript.dll /E /R everyone
If you do remove the fix, you should not use Internet Explorer to browse the web until an official update is released.
Comments
NoneRain - 4 years ago
Hope MS manage to make the IE mode in Edge work so well, they will remove IE entirely.
forum11 - 4 years ago
Unfortunately, last I read it sounded like MS has no intention of removing IE from Win 10, even with the compatibility mode in Edge. We'll probably be stuck disabling/removing IE ourselves for years to come, sort of like we had to do with SMB1 for far too long.