
Internet Explorer hid a zero-day vulnerability

(Image credit: Methodshop / Pixabay)

In late April, security experts at Kaspersky Lab discovered a zero-day vulnerability in Microsoft's Internet Explorer that cybercriminals had used to carry out targeted attacks.

The firm originally detected a previously unknown exploit which, after analysis, turned out to be utilising the zero-day vulnerability CVE-2018-8174 for Internet Explorer.

The cybercriminals utilising the exploit managed to download it into a Microsoft Word document, the first known case of such a technique being employed. They were even able to successfully exploit a fully patched version of Microsoft Word.

Upon deeper analysis of the exploit used by attackers, Kaspersky Lab revealed that the infection chain began with a victim receiving a malicious RTF Microsoft Office Document. Once the user opened the document, the second stage of the exploit, an HTML page with malicious code, was downloaded on their system. The code on the HTML page then triggered a memory corruption use-after-free (UAF) bug and finally the shellcode that downloads malicious payloads was executed. 
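A defender-side triage check for the first stage of the chain described above (an RTF document that causes a remote HTML page to be fetched), added here as an example and not taken from Kaspersky Lab's analysis. It assumes the remote reference sits in an embedded object's `\objdata` hex stream, which the article does not state; the sample document and URL are constructed.

```python
import re

# RTF control words that introduce an embedded or linked OLE object.
OBJECT_WORDS = (rb"\object", rb"\objdata", rb"\objautlink", rb"\objupdate")
URL_RE = re.compile(rb"https?://[\x21-\x7e]{4,200}", re.I)
# Simplification: only the plain hex run directly after \objdata is captured.
OBJDATA_RE = re.compile(rb"\\objdata\b([^{}\\]*)")


def decode_objdata(rtf: bytes) -> list[bytes]:
    """Return the decoded bytes of every \\objdata hex run in the file."""
    blobs = []
    for m in OBJDATA_RE.finditer(rtf):
        hexchars = re.sub(rb"[^0-9A-Fa-f]", b"", m.group(1))
        hexchars = hexchars[: len(hexchars) // 2 * 2]  # drop a dangling nibble
        blobs.append(bytes.fromhex(hexchars.decode("ascii")))
    return blobs


def remote_refs(rtf: bytes) -> list[str]:
    """Find http(s) URLs inside embedded object data, ASCII or UTF-16LE."""
    found = []
    for blob in decode_objdata(rtf):
        # Second view strips NUL bytes so UTF-16LE strings become searchable.
        for view in (blob, blob.replace(b"\x00", b"")):
            for u in URL_RE.findall(view):
                s = u.decode("ascii")
                if s not in found:
                    found.append(s)
    return found


def triage(rtf: bytes) -> dict:
    # Loose header check: malformed headers are common in hostile samples.
    is_rtf = rtf.lstrip().startswith(b"{\\rt")
    words = [w.decode() for w in OBJECT_WORDS if w in rtf]
    urls = remote_refs(rtf) if is_rtf else []
    return {"is_rtf": is_rtf, "object_words": words, "urls": urls,
            "suspicious": bool(is_rtf and urls)}


# Constructed samples: a linked object pointing at a remote page, and plain text.
_blob = b"\x01\x05\x00\x00" + "http://example.invalid/stage2.html".encode("utf-16-le") + b"\x00\x00"
_hex = _blob.hex().encode()
SAMPLE = (b"{\\rtf1\\ansi{\\object\\objautlink\\objupdate{\\*\\objdata "
          + _hex[:40] + b"\r\n" + _hex[40:] + b"}}}")
BENIGN = b"{\\rtf1\\ansi Hello, see http://example.invalid/ in the text}"
```

A hit is a reason to quarantine the attachment and inspect it further, not proof of this exploit: benign documents can also link to remote objects.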

Anton Ivanov, security researcher at Kaspersky Lab, provided further insight on the tactics used by cybercriminals to take advantage of the zero-day vulnerability, saying:

“This technique, until fixed, allowed criminals to force Internet Explorer to load, no matter which browser one normally used – further increasing an already huge attack surface. Fortunately, proactive discovery of the threat has led to the timely release of the security patch by Microsoft. We urge organisations and private users to install recent patches immediately, as it won't be long before exploits to this vulnerability make it to popular exploit kits and will be used not only by sophisticated threat actors, but also by standard cybercriminals.”  

Kaspersky Lab reported the vulnerability to Microsoft upon discovering it, and a patch was made available on May 9th.


After getting his start at ITProPortal and then working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches to how to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.