Microsoft Releases Out-of-Band Security Update for Internet Explorer RCE Zero-Day
(Dec 19, 2018)
A Remote Code Execution (RCE) zero-day vulnerability, registered as "CVE-2018-8653," has been discovered in Microsoft's Internet Explorer web browser by Google's Threat Analysis Group. Researchers identified the vulnerability when they observed it being exploited in targeted attacks. The vulnerability exists in how Internet Explorer handles objects in memory, and can be exploited "to corrupt memory in such a way that attackers could execute code under the security privileges of the logged in user," according to Microsoft's security advisory. Actors could also use this vulnerability to conduct malicious activity via custom-created websites, which could allow it to be used in exploit kits or on legitimate websites that have been compromised.
Recommendation: Zero-day-based attacks can sometimes be detected by less conventional methods, such as behavior analysis and heuristic and machine-learning-based detection systems. Threat actors are often observed using vulnerabilities even after they have been patched by the affected company. Therefore, it is crucial that policies are in place to ensure that all employees install patches as soon as they are made available.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.