Malware News Zero-Day In Microsoft's VBScript Engine Used By Darkhotel APT

vtqhtr413

Aug 17, 2017
A vulnerability in the VBScript engine has been used by hackers working for North Korea to compromise systems targeted by the Darkhotel operation. VBScript is available in the latest versions of Windows and in Internet Explorer 11. In recent versions of Windows, though, Microsoft disabled execution of VBScript in the default configuration of its browser, making it immune to the vulnerability.

There are other methods to load scripts, though. For instance, applications in the Office suite rely on the IE engine to load and render web content. Security researchers from Trend Micro noticed a VBScript vulnerability being exploited in the wild a day after Microsoft delivered its regular updates for Windows in July. Now tracked as CVE-2018-8373, the bug has been addressed in this month's patch delivery. It is a use-after-free memory corruption that allows the attacker to run shellcode on the compromised computer.

After analyzing the exploit code, researchers discovered that it shared the obfuscation technique used by exploits for an older VBScript vulnerability also used in the wild and patched in May, CVE-2018-8174. Also known as Double Kill, the vulnerability was reported by experts at Chinese security company Qihoo 360.

Full Story Zero-Day In Microsoft's VBScript Engine Used By Darkhotel APT
 

stefanos

Oct 31, 2014
kim-jong-drunk-601812.jpg
 
