TT 脆弱性 Blog

脆弱性情報に関する「個人」の調査・研究のログ

ADV200001 | Microsoft Guidance on Scripting Engine Memory Corruption Vulnerability

【ニュース】

◆ADV200001 | Microsoft Guidance on Scripting Engine Memory Corruption Vulnerability (Microsoft, 2020/01/17)
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200001


【緩和方法】

■32Bit

takeown /f %windir%\system32\jscript.dll
cacls %windir%\system32\jscript.dll /E /P everyone:N


■64Bit

takeown /f %windir%\syswow64\jscript.dll
cacls %windir%\syswow64\jscript.dll /E /P everyone:N
takeown /f %windir%\system32\jscript.dll
cacls %windir%\system32\jscript.dll /E /P everyone:N


【緩和方法の戻し方】

■32Bit

cacls %windir%\system32\jscript.dll /E /R everyone


■64Bit

cacls %windir%\system32\jscript.dll /E /R everyone
cacls %windir%\syswow64\jscript.dll /E /R everyone


Copyright (C) 谷川哲司 (Tetsuji Tanigawa) 2006 - 2017