Executive Risk Summary
"The Microsoft JScript 5.8 and VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11, allow remote attackers to execute arbitrary code or cause a denial of service via a crafted web site. This vulnerability can be exploited by an attacker to gain control over the affected system."
Anticipated Attack Path
- 1. Initial Exploitation: Attacker crafts a malicious web site to exploit the vulnerability
- 2. Privilege Escalation: Attacker gains control over the system
- 3. Lateral Movement: Attacker moves laterally within the network
Am I Vulnerable?
- Verify if Internet Explorer 9 through 11 is installed on the system
- Check if the JScript or VBScript engine is enabled
- Apply the security updates MS16-051 and MS16-053
Operational Audit Arsenal
Target Type Process
Target Asset iexplore.exe
Standard Path C:\Program Files\Internet Explorer
PowerShell
# 🛠️ Senior Engineer Universal Audit
# Target: iexplore.exe (Process)
$Targets = 'iexplore.exe'
$SearchPaths = @("$env:windir\System32", "$env:ProgramFiles", "${env:ProgramFiles(x86)}")
Get-ChildItem -Path $SearchPaths -Include $Targets -Recurse -ErrorAction SilentlyContinue |
Select-Object FullName, @{Name="Version";Expression={$_.VersionInfo.ProductVersion}}Patch Impact Forecast
Reboot Required Likely
Moderate, as the patch may require a system restart and may affect the functionality of certain web applications
Internal Work Notes
Apply security updates MS16-051 and MS16-053 to patch the Scripting Engine Memory Corruption Vulnerability in Internet Explorer 9 through 11
Technical Intelligence & Operational Utilities • Delivered Weekly
Intelligence Sources
Official Advisoryhttp://www.securityfocus.com/bid/90012
Official Advisoryhttp://www.securitytracker.com/id/1035820
MSRC Advisoryhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-051
MSRC Advisoryhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-053
Official Advisoryhttps://www.exploit-db.com/exploits/40118/
Official Advisoryhttps://www.virusbulletin.com/virusbulletin/2017/01/journey-and-evolution-god-mode-2016-cve-2016-0189/
Official Advisoryhttp://www.securityfocus.com/bid/90012
Official Advisoryhttp://www.securitytracker.com/id/1035820
MSRC Advisoryhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-051
MSRC Advisoryhttps://docs.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-053
Official Advisoryhttps://www.exploit-db.com/exploits/40118/
Official Advisoryhttps://www.virusbulletin.com/virusbulletin/2017/01/journey-and-evolution-god-mode-2016-cve-2016-0189/
Official Advisoryhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2016-0189
Related Microsoft Threats
Data compiled from NVD, MSRC, and CISA KEV Catalog. Intelligence synthesized via AI. Scripts provided for diagnostic purposes under MIT License.