Microsoft’s temporary fix for a recently disclosed Internet Explorer zero-day vulnerability is causing numerous problems in Windows, including breaking printing for some users.

On January 17th, 2020, Microsoft disclosed a zero-day remote code execution vulnerability in Internet Explorer 11, 10, and 9 that was being used in “limited targeted attacks”.

To exploit this vulnerability, attackers can create a specially crafted web site that when visited in Internet Explorer will remotely execute commands on the visitor’s computer without their knowledge or permission.

As no update is available yet, Microsoft released a temporary fix that involves changing the owner of the %windir%\system32\jscript.dll and denying access to the file for the Everyone group.

Fix causes problems printing in Windows

As part of this advisory, Microsoft stated that the fix for the Internet Explorer CVE-2020-0674 vulnerability could affect features that rely on the jscript.dll file.

“Implementing these steps might result in reduced functionality for components or features that rely on jscript.dll. For example, depending on the environment, this could include client configurations that leverage proxy automatic configuration scripts (PAC scripts). These features and others may be impacted.”

Unfortunately, the scope of issues being caused by applying this fix is greater than originally thought.

Since applying this fix, many users have reported that this fix is also causing printing to fail on HP printers and other USB printers.

When users attempt to print they receive I/O errors and the print jobs fail.

In addition to the print issues, 0patch discovered that Microsoft’s mitigation also caused the following issues:

• Windows Media Player is reported to break on playing MP4 files.
• The sfc (Resource Checker), a tool that scans the integrity of all protected system files and replaces incorrect versions with correct Microsoft versions, chokes on jscript.dll with altered permissions.
• Printing to “Microsoft Print to PDF” is reported to break.
• Proxy automatic configuration scripts (PAC scripts) may not work.

If you are affected by these issues, 0patch has released a micropatch that can be used to fix this vulnerability without the negative side-effects described above.

If you do not wish to install a third-party update, you can remove Microsoft’s fix until a security update for the vulnerability is released. This, though, will cause Internet Explorer to become vulnerable to remote attacks.

To remove the fix on 32-bit systems, enter the following command at an administrative command prompt:

cacls %windir%\system32\jscript.dll /E /R everyone    

For 64-bit systems, enter the following command at an administrative command prompt:

cacls %windir%\system32\jscript.dll /E /R everyone    
cacls %windir%\syswow64\jscript.dll /E /R everyone

If you do remove the fix, you should not use Internet Explorer to browse the web until an official update is released.

The information contained in this website is for general information purposes only. The information is gathered from ΒLEEPING COMPUTER, while we endeavour to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability or availability with respect to the website or the information, products, services, or related graphics contained on the website for any purpose. Any reliance you place on such information is therefore strictly at your own risk.  Through this website, you are able to link to other websites which are not under the control of CSIRT-CY. We have no control over the nature, content and availability of those sites. The inclusion of any links does not necessarily imply a recommendation or endorse the views expressed within them. Every effort is made to keep the website up and running smoothly. However, CSIRT-CY takes no responsibility for, and will not be liable for, the website being temporarily unavailable due to technical issues beyond our control.