Microsoft on Tuesday disclosed two Windows vulnerabilities that attackers are exploiting in the wild to install malicious applications on the computers of unsuspecting users.
The main vulnerability is in the VBScript Engine that is included in all currently supported versions of Windows. A so-called use-after-free flaw in the way the engine handles memory allows attackers to execute code of their choice with the same privileges as the logged-in user. When targeted users log in with administrative rights, attackers can gain complete control of the system. When users log in with more limited rights, adversaries may still be able to elevate their privileges by exploiting a separate vulnerability.
CVE-2018-8174, as the flaw is indexed, is being exploited by attackers, Microsoft officials said. The vulnerability was discovered by antivirus maker Kaspersky Lab, which reported it to Microsoft. Kaspersky Lab describes the attack chain as follows:
- The targets receive a malicious Microsoft Office RTF document
- Once opened, the document downloads the second stage of the exploit in the form of an HTML page containing malicious code
- The malicious code triggers the use-after-free memory corruption bug
- The resulting shellcode then downloads and executes a malicious payload
Kaspersky Lab security researcher Anton Ivanov wrote the following in an email:
This technique, until now, allowed criminals to force Internet Explorer to load regardless of the browser you normally use, increasing the already large attack surface… We urge organizations and private users to install the latest patches immediately, because it won’t be long before this vulnerability makes it into popular exploit kits and is used not only by sophisticated threat actors but also by standard cybercriminals.
In the advisory issued Tuesday, Microsoft officials said that attackers can also exploit the vulnerability by hosting an exploit on a website or in website ads and tricking a target into viewing the malicious content with the IE browser. Neither Microsoft nor Kaspersky Lab provided details about who was exploiting the vulnerability, who was being targeted, or how the exploits were spread. Microsoft rates CVE-2018-8174 “critical,” the industry’s highest severity rating.
The second vulnerability is a privilege-escalation flaw in the Win32k component of Windows. “An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode,” Microsoft officials wrote in a separate advisory. “An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.” It is rated “important,” one level below “critical.” Microsoft did not provide details about the in-the-wild exploits.
In all, Microsoft released 68 security bulletins on Tuesday as part of its monthly patch release. Twenty-one of the patches were rated critical, 45 were rated important, and two were rated low severity. Other notable bulletins fix remote code execution vulnerabilities in Microsoft’s Hyper-V and Hyper-V SMB and a spoofing vulnerability in the Azure IoT SDK. The SANS Internet Storm Center lists all of the fixes.