sunhux

IE 0-day : workaround using cacls

https://thehackernews.com/2018/12/internet-explorer-zero-day.html

Referring to the workaround given in the above link for 64-bit Windows:
  cacls %windir%\syswow64\jscript.dll /E /P everyone:N

When I checked on my 64-bit Windows 10, I don't see "everyone" in the ACL:
C:\Windows\SysWOW64\jscript.dll NT SERVICE\TrustedInstaller:F
                                BUILTIN\Administrators:R
                                NT AUTHORITY\SYSTEM:R
                                BUILTIN\Users:R
                                APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:R
                                APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES:R

So should we instead remove the "R" (i.e. Read) access to Users & *APPLICATION PACKAGES?
McKnife

Why are you asking yourself: "why is everyone not already inside the ACL?"? Executing that command will remove access for everyone.
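
The point made in the reply above, modelled as an added example (not part of the thread and not Windows' own code): a simplified DACL walk in Python showing that a deny ACE for Everyone blocks reads while the existing Users:R allow ACE stays in place. The toy access bits, the token contents and the placement of `everyone:N` as a leading deny-all ACE are assumptions of this example.

```python
# Simplified model of Windows DACL evaluation (illustrative, not the real AccessCheck API).
READ, WRITE, FULL = 0x1, 0x2, 0x3   # constructed toy access bits

# Allow ACEs as listed for jscript.dll in the question (F = full, R = read).
ACL_BEFORE = [
    ("allow", r"NT SERVICE\TrustedInstaller", FULL),
    ("allow", r"BUILTIN\Administrators", READ),
    ("allow", r"NT AUTHORITY\SYSTEM", READ),
    ("allow", r"BUILTIN\Users", READ),
    ("allow", r"APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES", READ),
    ("allow", r"APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES", READ),
]

def apply_everyone_none(acl):
    """Assumed effect of `/E /P everyone:N`: keep existing ACEs (/E) and add
    a deny-all ACE for Everyone, placed first as in canonical ACE order."""
    kept = [ace for ace in acl if ace[1] != "Everyone"]
    return [("deny", "Everyone", FULL)] + kept

def access_check(acl, token_sids, desired):
    """Walk ACEs in order: a matching deny ACE covering any still-needed bit
    refuses access; allow ACEs accumulate until all desired bits are granted."""
    remaining = desired
    for ace_type, sid, mask in acl:
        if sid not in token_sids:
            continue
        if ace_type == "deny" and mask & remaining:
            return False
        if ace_type == "allow":
            remaining &= ~mask
            if remaining == 0:
                return True
    return False  # bits never granted are implicitly denied

# Constructed tokens: every interactive logon token also carries Everyone.
STANDARD_USER = {"Everyone", r"BUILTIN\Users", r"NT AUTHORITY\Authenticated Users"}
ADMIN = STANDARD_USER | {r"BUILTIN\Administrators"}

if __name__ == "__main__":
    after = apply_everyone_none(ACL_BEFORE)
    for name, tok in (("standard user", STANDARD_USER), ("administrator", ADMIN)):
        print(name, "read before:", access_check(ACL_BEFORE, tok, READ),
              "after:", access_check(after, tok, READ))
```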
sunhux

ASKER

Might need you to simplify this for my dim wit:
  https://thehackernews.com/2018/12/internet-explorer-zero-day.html
Referring to the above URL, shouldn't we remove the following 3 ACLs as well?

                                BUILTIN\Users:R
                                APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:R
                                APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES:R
ASKER CERTIFIED SOLUTION
McKnife