Windows JScript Component Vulnerable to Remote Code Execution

A vulnerability in the Windows operating system JScript component could allow a threat actor to perform remote code execution on a targeted computer. Given a rating of 6.8 out of 10 on the CVSSv2 severity scale, the vulnerability can be exploited by a victim visiting a malicious webpage or downloading a malicious JavaScript file. This will only grant the threat actor the ability to perform remote code execution within a sandboxed environment; however, if additional vulnerabilities are exploited, they could gain access to the entire system. Microsoft has been notified of the vulnerability and is working on fix. The NJCCIC recommends Windows users and administrators review the Zero Day Initiative Advisory for more details on the vulnerability and avoid clicking on links or opening attachments delivered with unexpected or unsolicited emails.