Windows critical flaw: This security bug is under attack right now, says Microsoft

Discussion in 'Headline News' started by RickAgresta, May 9, 2018.

  1. RickAgresta

    RickAgresta Peanut, leader of the Peanutty Forces

    Likes Received:
    Trophy Points:
    Windows critical flaw: This security bug is under attack right now, says Microsoft

    Microsoft patches two flaws that are already under attack, among the 67 bugs in May's Patch Tuesday update.

    By Liam Tung | May 9, 2018 -- 12:17 GMT (05:17 PDT) | Topic: Security

    Microsoft's Patch Tuesday update addresses a critical flaw in the Windows VBScript engine that attackers are using to compromise Windows machines through Internet Explorer.

    The patch follows an alarm by researchers at Qihoo 360 Core Security in April that well-resourced hackers were using a then suspected IE zero-day flaw to infect Windows PCs on a "global scale".

    The IE attack, dubbed 'Double Kill', was delivered via Office documents that open a malicious webpage in the background.

    In an advisory crediting Qihoo 360 Core Security researchers and Kaspersky Lab malware analysts for discovering a critical bug tagged as CVE-2018-8174, Microsoft details a remote code execution flaw residing not in Internet Explorer but the Windows VBScript engine. However, it also explains the bug can be exploited through Internet Explorer.

    Microsoft hasn't confirmed this is the bug reported by Qihoo 360 Core Security but notes the flaw is being exploited in the wild.

    "In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website," Microsoft notes.

    "An attacker could also embed an ActiveX control marked 'safe for initialization' in an application or Microsoft Office document that hosts the IE rendering engine."

    Observed attacks have started with a malicious Word document, which when opened downloads an exploit written in VBScript that's hosted on a webpage, according to malware analysts at Kaspersky Lab.

    lelisa13p, Hook and scjjtt like this.

Share This Page