Se­cu­rity re­searcher re­leases PoC code used to run ma­li­cious code

Mi­crosoft had rolled out a fix

Arab Times - - LO­CAL -

KUWAIT CITY, Oct 13: A se­cu­rity re­searcher has pub­lished proof-of-con­cept code which an at­tacker can use to run ma­li­cious code on a re­mote com­puter via the Mi­crosoft Edge browser, re­ports Al-Rai daily quot­ing zd­

The proof-of-con­cept (PoC) code is for a Mi­crosoft Edge vul­ner­a­bil­ity – CVE-2018-8495 – that Mi­crosoft patched this week, part of its Oc­to­ber 2018 Patch Tues­day.

The vul­ner­a­bil­ity was dis­cov­ered by Kuwaiti se­cu­rity re­searcher Ab­dul­rah­man Al-Qa­bandi, who re­ported his find­ings to Mi­crosoft via Trend Mi­cro’s Zero-Day Ini­tia­tive pro­gram.

To­day, af­ter mak­ing sure Mi­crosoft had rolled out a fix, Al-Qa­bandi pub­lished in-depth de­tails about the Edge vul­ner­a­bil­ity on his blog.

Be­sides the usual tech­ni­cal break­down that ac­com­pa­nies all such vul­ner­a­bil­ity write-ups, the re­searcher’s also in­cluded proof-of-con­cept code so other re­searchers could re­pro­duce the bug’s ef­fect.

Such PoCs are usu­ally quite com­plex, but Al-Qa­bandi’s code is only HTML and JavaScript, mean­ing it could be be hosted on any web­site.

Ac­cord­ing to the re­searcher, all the at­tacker needs to do is trick a user into ac­cess­ing a ma­li­cious web­site host­ing the PoC via an Edge browser, and then press the En­ter key. Once the user lets go of the En­ter key, the PoC runs and ex­e­cutes a Vis­ual Ba­sic script via the Win­dows Script Host (WSH) de­fault ap­pli­ca­tion.

In its cur­rent form, the PoC will only start the Win­dows Cal­cu­la­tor app, but any skilled mal­ware au­thor can mod­ify this code with ease to trig­ger more dan­ger­ous op­er­a­tions, such as silently down­load­ing and in­stalling mal­ware.

Since the vul­ner­a­bil­ity re­quires so­cial en­gi­neer­ing, it is likely not that use­ful for au­to­mated mal­ware cam­paigns, such as the ones ex­e­cuted via ex­ploit kits and malver­tis­ing (the use of on­line ad­ver­tis­ing to spread mal­ware) cam­paigns.

Newspapers in English

Newspapers from Kuwait

© PressReader. All rights reserved.