A Chinese cybersecurity firm has discovered a "double kill" bug in Internet Explorer that it said is already being used by possible nation-state hacking groups.
- A Chinese cybersecurity firm has found a zero-day exploit in Internet Explorer that is already being used to infect machines through malicious Microsoft Office documents.
- Microsoft has yet to issue a response to the discovery, and until it patches the vulnerability, IE users should be particularly careful not to open Office attachments from unknown sources.
The zero day requires a potential victim to open a malicious Microsoft Office document that contains a link to a website designed to deliver a malware payload, which is a common way for attackers to infect victims.
Once someone is infected, Qihoo 360 said, attackers can install backdoor Trojans or even gain complete control over the machine.
According to security researchers at Chinese web giant Qihoo 360, hackers are using a zero-day vulnerability in Internet Explorer kernel code to infect Windows computers with malware.
The researchers say that an advanced persistent threat (APT) group is using the vulnerability to infect victims on a global scale by sending malicious Office documents to selected targets.
These documents exploit what the researchers call a "double-kill" vulnerability, which affects the latest versions of Internet Explorer and any other applications that use the IE kernel. When a victim opens the Office document, the bug launches a malicious webpage in the background to deliver malware from a remote server.
"After the target opens the document, all exploit code and malicious payloads are loaded from a remote server," the researchers wrote in a blog post on the Chinese platform Weibo.
The researchers said that the attack involves the use of a public User Account Control (UAC) bypass, reflective DLL loading, fileless execution, and steganography; they also provided a diagram that roughly outlines the attack, with Chinese annotations.
The company says that it has reported the vulnerability to Microsoft and will give Microsoft appropriate time to develop a patch before it reveals more details about the bug.
Microsoft has neither confirmed nor denied the attacks, but has given the following statement:
Windows has a customer commitment to investigate reported security issues, and proactively update impacted devices as soon as possible. We recommend customers use Windows 10 and the Microsoft Edge browser for the best protection. Our standard policy is to provide remediation via our current Update Tuesday schedule.