Internet Explorer Zero-day “Double-kill”

Lessupport, 17 May 2018

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code, host a website, and lead the victim to view compromised websites. Kaspersky and Qihoo 360 independently discovered this zero-day vulnerability (CVE-2018-8174) for Internet Explorer, used mainly for stealing information. This vulnerability first made its presence known two years ago. It is hard to get rid of unless a patch is applied for it.

The zero-day has been deployed on targeted systems with the help of a Microsoft Office document. The Qihoo 360 Core team said the zero-day uses a so-called “double kill” vulnerability that affects the latest versions of Internet Explorer and any other applications that use the IE kernel. One of the reasons why the attack was planted via a Word document instead of being triggered by a website is that IE is no longer the default browser for most people across the globe.

This attack is triggered by a Microsoft Word document and further uses a VBScript, in turn using a URL Moniker to force IE to make the necessary requests and execute them. This vulnerability may be exploited heavily in the future in both drive-by (via browser) and spear-phishing (via document) campaigns. The Qihoo 360 Core team has explained the attack in detail with the following flow diagram:

[Figure: IE-zero-day flow diagram]
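
The delivery chain described above leaves a trace defenders can look for in a document: the serialized CLSID of the URL Moniker followed by the remote URL it points to. The Python scan below is an added example, not code from the original post or from Qihoo 360's analysis. It assumes the moniker is stored as CLSID, 4-byte length, then a UTF-16LE URL, either as raw bytes or hex-encoded as in RTF `\objdata`; `build_sample` and its URL are constructed for illustration.

```python
import re
import struct
import uuid

# CLSID of the COM URL Moniker, in the byte order used in serialized OLE data.
URL_MONIKER = uuid.UUID("79EAC9E0-BAF9-11CE-8C82-00AA004BA90B").bytes_le

def decode_hex_runs(data: bytes, min_digits: int = 32) -> list:
    """Decode long hex runs (e.g. RTF \\objdata), ignoring whitespace inside them."""
    blobs = []
    for run in re.findall(rb"(?:[0-9A-Fa-f]\s*){%d,}" % min_digits, data):
        digits = re.sub(rb"\s+", b"", run).decode("ascii")
        # A hex letter ending the preceding keyword can shift the run by one
        # nibble, so decode both alignments.
        for offset in (0, 1):
            chunk = digits[offset:]
            blobs.append(bytes.fromhex(chunk[: len(chunk) & ~1]))
    return blobs

def find_url_monikers(data: bytes) -> list:
    """Return URLs that follow a URL Moniker CLSID, in raw or hex-encoded form."""
    urls = []
    for blob in [data, *decode_hex_runs(data)]:
        pos = blob.find(URL_MONIKER)
        while pos != -1:
            body, url = blob[pos + 16:], "<unparsed>"
            if len(body) >= 4:
                # Assumed layout: 4-byte length, then a UTF-16LE URL.
                (length,) = struct.unpack_from("<I", body)
                raw = body[4:4 + length]
                text = raw[: len(raw) & ~1].decode("utf-16-le", "replace")
                url = text.split("\x00", 1)[0] or url
            if url not in urls:
                urls.append(url)
            pos = blob.find(URL_MONIKER, pos + 1)
    return urls

def build_sample() -> bytes:
    """Constructed RTF-like sample with a hex-encoded URL Moniker (not a real document)."""
    url = "http://example.invalid/page.html\x00".encode("utf-16-le")
    hexed = (URL_MONIKER + struct.pack("<I", len(url)) + url).hex()
    wrapped = "\n".join(hexed[i:i + 40] for i in range(0, len(hexed), 40))
    return (r"{\rtf1{\object{\*\objdata " + wrapped + "}}}").encode("ascii")

if __name__ == "__main__":
    for found in find_url_monikers(build_sample()):
        print("URL Moniker target:", found)
```

A hit means the document will ask the host to fetch remote content when opened, which is worth flagging at the mail gateway or in triage regardless of which engine bug sits behind the URL.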

Microsoft has released a patch for this vulnerability. We strongly advise applying it and keeping your software up to date to keep your systems secure and to avoid such data breaches. Logix Infosecurity helps your organization deploy the best tools to keep your company safe on the internet. We help you design a smart disaster recovery plan exactly suited to your business requirements. It is always better to be prepared than to regret later.
