To Evolution

Windows Critical Flaw: This Security Flaw is Being Attacked At This Moment, Says Microsoft

    Abdulaziz Sobh
    By Abdulaziz Sobh

    Categories: Technology


    0/5 stars (0 votes)

    image

    Microsoft's Patch Tuesday update addresses a critical flaw in the Windows VBScript engine that attackers are using to compromise Windows machines through Internet Explorer. The patch follows an alarm by researchers at Qihoo 360 Core Security in April that hackers with sufficient resources were using an IE flaw then suspected to infect Windows PCs on a "global scale".The IE attack, dubbed 'Double Kill', was delivered through Office documents that open a malicious web page in the background. In an advisory document crediting Qihoo 360 Core Security researchers and Kaspersky Lab malware analysts for discovering a critical error labeled CVE-2018-8174, Microsoft details a remote code execution flaw that resides not in Internet Explorer but in the Windows VBScript engine. However, it also explains that the error can be exploited through Internet Explorer. Microsoft has not confirmed that this is the error reported by Qihoo 360 Core Security but notes that the flaw is being exploited in nature."In a web-based attack scenario, an attacker could host a specially designed website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to visit the website," says Microsoft."An attacker could also embed an ActiveX control marked 'secure for initialization' in an application or Microsoft Office document that hosts the IE rendering engine."The observed attacks have started with a malicious Word document, which when opened downloads an exploit written in VBScript hosted on a web page, according to Kaspersky Lab's malware analysts. Analysts also trust that the exploit they found is the same as the Double Kill attack reported Qihoo 360 Core Security. While zero-day attacks are likely to be the work of state-sponsored attackers, Kaspersky Lab predicts that it will become popular with cybercriminals as part of an exploit kit arsenal to compromise Windows PCs in attacks based on the Web. This is because the technique allows an attacker to force IE to load and exploit the error on an unrepaired machine, even if the victims have configured Chrome or Firefox as their default browser."Although the Word document is the initial attack vector, the vulnerability is actually in VBScript, not in Microsoft Word, this is the first time we have seen an alias URL used to load an IE exploit, and we believe that This technique will be used to a large extent by malware authors in the future. This technique allows loading and rendering a web page using the IE engine, even if the default browser on the victim's machine is set to something different, "they said. the analysts."We hope that this vulnerability will become one of the most exploited in the near future, since it will not be long until the authors of the exploitation kit begin to abuse it in both units, through browser and spear-phishing to through document campaigns. "The other vulnerability that Microsoft has confirmed is currently being exploited is a Win32k privilege elevation vulnerability, which is tracked as CVE-2018-8120 and is rated as important."To exploit this vulnerability, an attacker would first have to log in. An attacker could run a specially crafted application that could exploit the vulnerability and take control of an affected system," says Microsoft.Microsoft also began repairing the Device Guard bypass, which was expected to keep Google's Project Zero closed until after the May patch on Tuesday. Microsoft patched a total of 67 vulnerabilities in the Patch Tuesday update of May, of which 21 were rated as critical.