Share This:

It has come to our notice that Microsoft recently identified a security vulnerability for remote code execution that impacts Internet Explorer browser . Details about the advisory are given below.

  • Microsoft has identified a security vulnerability in Internet Explorer that can allow an attacker to gain access to the user’s workstation. (Click here for the Microsoft Announcement)
    • Microsoft has announced that they are working on a fix for this issue. They have also provided an interim workaround until the fix is ready. 
    • Microsoft has also stated this workaround may cause issues with applications that use jscript.dll and should only be applied to systems with elevated risk
  • Track-It! uses jscript.dll.  This means that any browser where the workaround is applied will be unable to login to Track-It! and will show an error message of: MetaData Init Failed [20814] [METADATA] – Unknown error. [Overlapped I/O operation is in progress]

Microsoft recommends these mitigation steps only if there is indication that you are under elevated risk. If you implement the workaround, you will need to revert the mitigation steps before installing any future updates to continue to be protected.

  • Track-It! users either should not apply this fix or they should use Chrome or Firefox with Track-It! until Microsoft delivers the fix to Internet Explorer.

If you have already applied the fix to your browser, you can undo it by following the steps below:

How to undo the workaround

For 32-bit systems, enter the following command at an administrative command prompt:

cacls %windir%\system32\jscript.dll /E /R everyone

 

For 64-bit systems, enter the following command at an administrative command prompt:

cacls %windir%\system32\jscript.dll /E /R everyone

cacls %windir%\syswow64\jscript.dll /E /R everyone

 

Is there an update to address this vulnerability?

No. This is a Microsoft related issue and they are aware of this vulnerability and working on a fix. As per their standard policy, most security updates are pushed on Update Tuesday, the second Tuesday of each month.

 

If you have any questions regarding this security notification, please contact Track-It! Support by opening a case at: BMC Track-It! Support