A zero-day vulnerability in Microsoft's Internet Explorer used to carry out targeted attacks by cybercriminals was discovered by security experts at Kaspersky Lab in late April.
The firm originally detected a previously unknown exploit which after analysis turned out to be utilising the zero-day vulnerability CVE-2018-8174 for Internet Explorer.
The cybercriminals utilising the exploit managed to download it into a Microsoft Word Document and this was the first known case of such a technique being employed. They were even able to successfully exploit a fully patched version of Microsoft Word.
Upon deeper analysis of the exploit used by attackers, Kaspersky Lab revealed that the infection chain began with a victim receiving a malicious RTF Microsoft Office Document. Once the user opened the document, the second stage of the exploit, an HTML page with malicious code, was downloaded on their system. The code on the HTML page then triggered a memory corruption use-after-free (UAF) bug and finally the shellcode that downloads malicious payloads was executed.
Security Researcher at Kaspersky Lab, Anton Ivanov provided further insight on the tactics used by cybercriminals to take advantage of the zero-day vulnerability, saying:
“This technique, until fixed, allowed criminals to force Internet Explorer to load, no matter which browser one normally used – further increasing an already huge attack surface. Fortunately, proactive discovery of the threat has led to the timely release of the security patch by Microsoft. We urge organisations and private users to install recent patches immediately, as it won't be long before exploits to this vulnerability make it to popular exploit kits and will be used not only by sophisticated threat actors, but also by standard cybercriminals.”
Kaspersky Lab reported the vulnerability to Microsoft upon discovering it and a patch was made available on May 9th.
Image Credit: Methodshop / Pixabay