Windows, IE11 zero-day vulnerabilities chained in targeted attack

[[correlate]]

Content source

https://www.bleepingcomputer.com/news/security/windows-ie11-zero-day-vulnerabilities-chained-in-targeted-attack/

An advanced threat actor exploited one of the two zero-day vulnerabilities that Microsoft patched on Tuesday in a targeted attack earlier this year.

The adversary chained two flaws in Windows, both unknown at the time of the attack, in an attempt to achieve remote code execution and increase their privileges on a compromised machine.

Windows, IE11 zero-day vulnerabilities chained in targeted attack

An advanced threat actor exploited one of the two zero-day vulnerabilities that Microsoft patched on Tuesday in a targeted attack earlier this year.

www.bleepingcomputer.com

 

[Gandalf_The_Grey]

Windows, IE11 zero-day vulnerabilities chained in targeted attack

An advanced threat actor exploited one of the two zero-day vulnerabilities that Microsoft patched on Tuesday in a targeted attack earlier this year.

www.bleepingcomputer.com

The good news is that both are patched already.
The bad news is that IE is possibly the Achilles heel of Windows 10.

 

[upnorth]

The bad news is that IE is possibly the Achilles heel of Windows 10.

Microsoft recomends using Microsoft Edge as your default browser and supports Internet Explorer 11 for backward compatibility.

Lifecycle FAQ - Internet Explorer and Microsoft Edge

Answers to frequently asked questions about the lifecycle policy for Internet Explorer and Microsoft Edge.

docs.microsoft.com

I can guess a majority here on MT already installed and use the latest Edge version, but in the case of IE11 I personal disabled it a long time ago as I don't use it/need it anyway.

https://support.microsoft.com/en-us/help/4013567/how-to-disable-internet-explorer-on-windows

 

[Gandalf_The_Grey]

Lifecycle FAQ - Internet Explorer and Microsoft Edge

Answers to frequently asked questions about the lifecycle policy for Internet Explorer and Microsoft Edge.

docs.microsoft.com

I can guess a majority here on MT already installed and use the latest Edge version, but in the case of IE11 I personal disabled it a long time ago as I don't use it/need it anyway.

https://support.microsoft.com/en-us/help/4013567/how-to-disable-internet-explorer-on-windows

I also have IE 11 disabled trough Windows Features, but it's still on the sytem.
For me, the interesting part from the Bleeping Computer article is:

While there is little data to determine the initial infection vector, Larin told BleepingComputer that “exploitation with a malicious Office document might be possible because MS Office uses IE to display web-content.”

And that seems to be true, because I don't have IE installed anymore, but CCleaner still cleans IE cookies.

 

[upnorth]

Yeah I saw the same, but I doubt MS Office Online does that or? I even read Kasperskys report and I didn't got more wise.

Internet Explorer and Windows zero-day exploits used in Operation PowerFall

Kaspersky prevented an attack on a South Korean company by a malicious script for Internet Explorer. Closer analysis revealed that the attack used a previously unknown full chain that consisted of two zero-day exploits.

securelist.com

 

[Gandalf_The_Grey]

Yeah I saw the same, but I doubt MS Office Online does that or? I even read Kasperskys report and I didn't got more wise.

Internet Explorer and Windows zero-day exploits used in Operation PowerFall

Kaspersky prevented an attack on a South Korean company by a malicious script for Internet Explorer. Closer analysis revealed that the attack used a previously unknown full chain that consisted of two zero-day exploits.

securelist.com

No MS Office Online would use the engine from the browser you use to access it.
It's the regular installed Office and IMO especially Outlook that uses IE to display web-content (example is HTML formatted emails).