CVE-2018-8653 in Internet Explorer: Microsoft Patches Yet Another Zero-Day
NEWS

CVE-2018-8653 in Internet Explorer: Microsoft Patches Yet Another Zero-Day

Microsoft has just released a security update for Internet Explorer after receiving a report from Google about a new vulnerability being used in targeted attacks. The vulnerability, which was given the CVE-2018-8653 identifier, could allow for arbitrary code execution.




Affected are:

-Internet Explorer 8 for Windows Embedded Standard 2009 XP, POSReady 2009
-Internet Explorer 9 for Windows Server 2008
-Internet Explorer 10 for Windows Server 2012
-Internet Explorer 11 for Windows 7, 8.1, RT 8.1, 10
-Internet Explorer 11 for Windows Server 2008 R2, 2012 R2, 2016, 2019

How can the CVE-2018-8653 vulnerability be exploited?

Depending on the privileges associated with the user, an attacker could perform a variety of malicious activities such as install programs, view, change, or delete data, or even create new accounts with full user rights. Note that users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

In a web-based attack scenario, an attacker could host a specially crafted website specifically designed to exploit the flaw via Internet Explorer. The user would then be tricked into viewing the website, for example, by sending an email. Another scenario involves the use of applications that embed the Internet Explorer scripting engine to render web-based content. This includes apps from the Office suite.


Why is this vulnerability disclosure worrisome?
It is one of several zero-days that Microsoft has patched in the past few months. And all the zero-days involved elevation of privilege. And if the previously disclosed vulnerabilities haven’t been patched on a system, the affected user could be exploited in a chain attack which employs one of the older bugs (CVE-2018-8611, CVE-2018-8589, CVE-2018-8453, CVE-2018-8440). This would give the attacker system-level access and could lead to various malicious outcomes.

CVE-2018-8611 was addressed in December 2018?s Patch Tuesday. The flaw is a kernel zero-day, and was exploited by several threat actors.
CVE-2018-8611, for instance, is a privilege escalation vulnerability which is caused by the failure of the Windows kernel to properly handle objects in memory. And as explained in Microsoft’s advisory, an attacker who successfully exploited the flaw could run arbitrary code in kernel mode. Kaspersky Lab researchers were the first to detect the zero-day, and they were the ones who reported it to Microsoft and detected the active malicious campaigns exploiting the flaw.

Who’s at risk of CVE-2018-8653? Large and medium government entities are at high risk, as well as large and medium business entities. Smaller government entities and businesses are at medium risk, and home users are least exposed.

Nonetheless, the patches that address CVE-2018-8653, KB4483187, KB4483230, KB4483234, KB 4483235, KB4483232, KB4483228, KB4483229, and KB4483187, should be applied immediately by all concerned parties.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum for 4 years. Enjoys ‘Mr. Robot’ and fears ‘1984’. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles!

More Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...