Microsoft has been advertising Microsoft Edge as the most secure browser, but is this really true?
CVE-2016-7200 and CVE-2016-7201 are two vulnerabilities found in the Chakra JavaScript engine in Edge. They were reported last November and fixed by Microsoft. One would think that the story ends here, but it doesn’t.
CVE-2016-7200 and CVE-2016-7201 Integrated by Sundown EK
It’s now known that the so-called “twin bugs” have been integrated by the authors of the Sundown exploit kit, thanks to a security company’s proof-of-concept. This leaves users of Microsoft Edge exposed to a range of malicious attacks. Nonetheless, Windows users shouldn’t panic that much, as Edge applies patches automatically.
This means that a smaller number of users may be affected. Fortunately, the improved exploit mitigations in Windows 10 should prevent malicious attempts from becoming successful attacks.
However, the Edge Chakra JavaScript exploit is expected to be incorporated into other exploit kits. Let’s not forget that zero-days and freshly discovered bugs are favorite specialties on the malware market. Malware researcher Kafeine was the one who reported the use of CVE-2016-7200 and CVE-2016-7201 by the Sundown authors. The exploits were taken from a proof-of-concept recently released by the US security startup Theori.
As we already wrote, the Sundown exploit kit’s latest activity was detected on December 27, 2016, where attackers used PNG images to store both the harvested information and the exploit code. In September’s attacks, with the CryLocker ransomware as the payload, PNG files were also used to pack harvested user information. The images were then uploaded to an Imgur album so that the cybercriminals could avoid detection. Researchers also uncovered that the exploit code hidden within the PNG image included an exploit targeting the CVE-2015-2419 vulnerability.
Protection Against Sundown Exploit Kit and Other EKs
Exploit kits have been used on an industrial scale. They are automated toolkits that scan a user’s web browser and analyze it for flaws to leverage before delivering the malicious payload. This means your browser should always be fully patched – never underestimate the importance of security updates. Users should install security fixes for all their software as soon as patches are released.
In case a patch is not yet released, an attack relying on this vulnerability can still be deflected by up-to-date anti-malware software. Most such programs will detect and intercept exploits attempting to take advantage of a known flaw.