Maximum damage with minimum effort
Wednesday, November 22, 2017
Reports about newly discovered vulnerabilities delight cybercriminals the most. In several Anti-virus Times issues, we talked a lot about the danger of macros and scripts that can be used in documents. And we prompted you to disable them. But can a file lacking interactive features that let cybercriminals replace text or secretly download something from the Internet be secure? Unfortunately, even disabling scripts doesn't help.
On September 12, 2017, information about the CVE-2017-8759 vulnerability was published. It is used to execute code with the help of Microsoft Office documents.
The CVE-2017-8759 vulnerability can impact Microsoft Windows, beginning with Windows 7. The full list of vulnerable OSs can be found by following this link.
The exploit uses a vulnerable Microsoft .NET Framework component to inject third-party code. When exploiting this vulnerability, a cybercriminal gains user rights on the affected system.
This vulnerability has a high severity rating for a number of reasons:
1) Cybercriminals do not need to use or enable macros in Microsoft Office applications to exploit it;
2) A user just has to open a malicious file for the vulnerability to be exploited;
3) The exploit’s code is available on the Internet, and that means that any user can take advantage of it.
Possible attack vectors: the mailing of targeted phishing emails with a Microsoft Office document (doc, rtf, etc.) attached with the goal of installing the Trojan—FINSPY (FinFisher).
So "the user just has to open a malicious file". Many users believe that if they are careful and update all of their applications, their system is secure without anti-virus protection. Unfortunately, this is far from true. Unknown vulnerabilities bring all security measures to nought. If a system is not protected with an anti-virus, cybercriminals can freely inject malicious code. And an anti-virus can also protect against unknown vulnerabilities.
The vulnerability was discovered after a number of attacks using a previously unknown exploit were recorded.
According to the description, an attacker can execute the malicious code. No detailed information yet exists about the vulnerability.
The Anti-virus Times recommends
- Update regularly. A short time ago, we mentioned that cybercriminals start using vulnerabilities three days after information about them is published. But this concerns loopholes whose descriptions are published together with the release of an update. In this case, a user can postpone updating (for about a day). But if hackers have discovered a vulnerability and are already using it, updates need to be carried out immediately.
- Do not open suspicious emails.
- Install an anti-virus if you haven’t yet done so. Whatever the vulnerability, the anti-virus will detect malicious code when it reaches the PC.