

The scripting engine in Internet Explorer is vulnerable to remote code execution attacks due to memory corruption.
IMPACT: CRITICAL
PUBLISH DATE: 14-08-2018
OVERVIEW
The scripting engine in Internet Explorer is vulnerable to a remote code execution attack because of the way it handles objects in memory. Attacks rely on specially crafted web pages promoted through social engineering. The vendor has released patched versions.
BACKGROUND INFORMATION
The way the scripting engine in Internet Explorer handles objects in memory is vulnerable to a remote code execution attack. After a successful attack, an attacker could execute arbitrary code in the context of the current user and gain that user's privileges. If the current user has administrative privileges, the attacker could take over the whole system.
In a web-based attack scenario that may involve social engineering, the attack is delivered through a website specially designed to exploit the vulnerability in Internet Explorer. An attacker can also take advantage of compromised websites, or of websites that host advertisements or user-provided content. These websites can be specially crafted to exploit this vulnerability.
ANALYSIS
Microsoft Internet Explorer 11 and earlier contain a use-after-free vulnerability that can be exploited in remote code execution attacks. Successful exploitation may give an attacker elevated user privileges on the system, allowing them to install programs; view, modify, or delete data; or create new accounts with full user rights. Proof-of-concept (PoC) code is publicly available and Microsoft has seen exploitation in the wild.
An attacker would need to use a specially crafted web page to exploit this vulnerability. Targets are persuaded to visit the page through social engineering techniques, after which some file on the page drops payloads on the system to execute code remotely.
It is also possible for an attacker to embed an ActiveX control marked “safe for initialization” in an application or Microsoft Office document that hosts the IE rendering engine. The system may crash during the exploitation attempt.
When this vulnerability is triggered, it causes a ‘use after free’ condition in vbscript!AssignVar. This highly critical vulnerability has been addressed in the August updates by Microsoft.
AFFECTED PRODUCTS
Microsoft reports that the following products and versions are vulnerable.
- Internet Explorer 9, 10 and 11
- Windows 7 for 32-bit Systems Service Pack 1
- Windows 7 for x64-based Systems Service Pack 1
- Windows 8.1 for 32-bit Systems
- Windows 8.1 for x64-based Systems
- Windows 10 for 32-bit Systems
- Windows 10 for x64-based Systems
- Windows 10 Version 1703 for 32-bit Systems
- Windows 10 Version 1703 for x64-based Systems
- Windows 10 Version 1709 for 32-bit Systems
- Windows 10 Version 1709 for x64-based Systems
- Windows 10 Version 1803 for 32-bit Systems
- Windows 10 Version 1803 for x64-based Systems
- Windows 10 Version 1607 for 32-bit Systems
- Windows 10 Version 1607 for x64-based Systems
- Windows RT 8.1
- Windows Server 2008 R2 for x64-based Systems Service Pack 1
- Windows Server 2008 for 32-bit Systems Service Pack 2
- Windows Server 2008 for x64-based Systems Service Pack 2
- Windows Server 2012
- Windows Server 2012 R2
- Windows Server 2016
UPDATES
The vendor has released updates for the affected products. Follow this link to download the relevant updates.
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8373
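An added check, not taken from the advisory: because the flaw sits in the VBScript engine, defenders can audit, alongside patching, whether VBScript is explicitly disabled in Internet Explorer's Internet and Restricted Sites zones. The code below parses the text of a `.reg` export of the zone keys; it assumes Microsoft's documented zone action `140C` (value 3 = disable), and the function names and the sample export are constructed for illustration.

```python
import re

# Zone action 140C is "Allow VBScript to run in Internet Explorer":
# 0 = enable, 1 = prompt, 3 = disable. Zone 3 = Internet, zone 4 = Restricted Sites.
VBSCRIPT_ACTION = "140C"
ZONES = {"3": "Internet", "4": "Restricted Sites"}
STATES = {0: "enabled", 1: "prompt", 3: "disabled"}

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
ZONE_RE = re.compile(r"\\Internet Settings\\Zones\\(?P<zone>\d)$", re.IGNORECASE)
DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<val>[0-9a-fA-F]{8})$')

def audit_vbscript_zones(reg_text):
    """Return {zone name: state} for the zones in ZONES, from .reg export text.

    "not set" means the export holds no explicit 140C value for that zone.
    """
    found = {}
    zone = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            # Track which zone key the following values belong to.
            m = ZONE_RE.search(key.group("key"))
            zone = m.group("zone") if m else None
            continue
        val = DWORD_RE.match(line)
        if zone in ZONES and val and val.group("name").upper() == VBSCRIPT_ACTION:
            number = int(val.group("val"), 16)
            found[zone] = STATES.get(number, "unknown (0x%x)" % number)
    return {name: found.get(z, "not set") for z, name in ZONES.items()}

def exposed_zones(reg_text):
    """Names of zones where VBScript is not explicitly disabled."""
    return sorted(n for n, s in audit_vbscript_zones(reg_text).items() if s != "disabled")

# Constructed sample export (real exports are UTF-16; decode before passing in).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"140C"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4]
"140C"=dword:00000003
'''
```

The zone setting is a hardening layer and does not replace installing the updates.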
If you think you are a victim of a cyber-security attack, immediately send an email to info@rewterz.com for a rapid response.