CATEGORIES
home News

This Major Windows Security Flaw Is Being Exploited Right Now As Microsoft Pushes A Patch

by Brandon HillWednesday, May 09, 2018, 10:40 AM EDT
Yesterday was Patch Tuesday, which means that Microsoft issued a number of security updates for its operating systems and software suites. However, one particular exploit that caught our attention is already been exploited in the real world on Windows-based systems. The flaw was first discovered in the Windows VBScript engine by researchers from Qihoo 360 Core Security.
microsoft building

For those that remember, this is the Double Kill exploit that Qihoo 360 Core Security described late last month, but it now has an official designation: CVE-2018-8174. According to Microsoft, there is a flaw in the way that the VBScript engine that allows for remote code execution. Microsoft goes on to confirm the that is exploit is pretty nasty, writing:

An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

The bad news, however, is that this security flaw can force Internet Explorer to load -- even if it is not the default browser -- and that it is already being actively exploited. 

"This is the first time we've seen a URL moniker used to load an IE exploit, and we believe this technique will be used heavily by malware authors in the future," wrote security analysts from Kaspersky Labs. "This technique allows one to load and render a web page using the IE engine, even if the default browser on a victim's machine is set to something different."

"We expect this vulnerability to become one of the most exploited in the near future, as it won't be long until exploit kit authors start abusing it in both drive-by via browser and spear-phishing via document campaigns."

Microsoft is also taking this very seriously, writing, "The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability."

We should note that although Microsoft patched this exploit -- and 66 others -- on Patch Tuesday, it's up to you as a user and for businesses to install the patch to protect systems. Given the seriousness of this exploit (and the tendency or some workers to haphazardly click on emails or attachments that they shouldn't), these updates should be applied sooner rather than later.

Tags:  Microsoft, Windows 10, double kill
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment