sunhux asked on

IE 0-day : workaround using cacls

https://thehackernews.com/2018/12/internet-explorer-zero-day.html

Referring to the workaround given in the above link for 64-bit Windows,
  cacls %windir%\syswow64\jscript.dll /E /P everyone:N

When I checked on my 64-bit Windows 10, I don't see "everyone" in the ACL:
C:\Windows\SysWOW64\jscript.dll NT SERVICE\TrustedInstaller:F
                                BUILTIN\Administrators:R
                                NT AUTHORITY\SYSTEM:R
                                BUILTIN\Users:R
                                APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:R
                                APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES:R

So should we instead remove the "R" (i.e. Read) access for Users & *APPLICATION PACKAGES?
JavaScript, Windows OS, OS Security


8/22/2022 - Mon
McKnife

Why are you asking yourself: "why is everyone not already inside the ACL?"? Executing that command will remove access for everyone.
ASKER
sunhux

Might need you to simplify this for my dim wit:
  https://thehackernews.com/2018/12/internet-explorer-zero-day.html
Referring to the above URL, shouldn't we remove the following 3 ACLs as well?

                                BUILTIN\Users:R
                                APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:R
                                APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES:R
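
An added example, not part of the thread or of the linked article: a Python parser for the cacls listing format posted in the question, reporting whether an `Everyone:N` entry is present on the file. The function names and the second listing are assumptions made for illustration; the second listing is constructed by adding the entry that the command's `everyone:N` argument requests.

```python
import re

PATH = r"C:\Windows\SysWOW64\jscript.dll"

# Listing as posted in the question (before the workaround).
BEFORE = PATH + r""" NT SERVICE\TrustedInstaller:F
                                BUILTIN\Administrators:R
                                NT AUTHORITY\SYSTEM:R
                                BUILTIN\Users:R
                                APPLICATION PACKAGE AUTHORITY\ALL APPLICATION PACKAGES:R
                                APPLICATION PACKAGE AUTHORITY\ALL RESTRICTED APPLICATION PACKAGES:R
"""

# Constructed sample (assumption): the same listing with an Everyone:N entry.
AFTER = BEFORE.replace(PATH + " ", PATH + " Everyone:N\n" + " " * 32, 1)

# principal ":" optional flags such as (OI)(CI) then one cacls permission letter
ACE_RE = re.compile(r"^(?P<who>.+?):(?:\([A-Z]+\))*(?P<perm>[NRWCF])$")


def parse_cacls(listing, path):
    """Return [(principal, permission_letter), ...] from cacls output for path."""
    entries = []
    for line in listing.splitlines():
        line = line.strip()
        # The first line carries the file path in front of the first entry.
        if line.lower().startswith(path.lower()):
            line = line[len(path):].strip()
        match = ACE_RE.match(line)
        if match:
            entries.append((match.group("who"), match.group("perm")))
    return entries


def audit(listing, path):
    """Summarise whether Everyone:N is present and who is listed with read."""
    entries = parse_cacls(listing, path)
    return {
        # English group name only; localized systems display a different name.
        "everyone_denied": any(
            who.lower() == "everyone" and perm == "N" for who, perm in entries
        ),
        # R (read), C (change) and F (full) all include read access.
        "still_listed_with_read": [who for who, perm in entries if perm in "RCF"],
    }


if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(text, PATH))
```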
ASKER CERTIFIED SOLUTION
McKnife
