Zero-day exploits get their name because they show up in the hands of attackers before an official patch is available, giving defenders zero days of advance warning to fix affected systems.
A vulnerability in Internet Explorer (IE), and in any application that uses the IE kernel, is being exploited through malicious Microsoft Office documents distributed in spam email campaigns.
When a user opens the document, a malicious webpage is loaded in the background, and that page delivers the malware from a Command and Control (C2) server.
After successful exploitation, the attack uses a publicly known User Account Control (UAC) bypass to escalate privileges on the user's device.
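As an added example (not code from the original article), the following Python sketch shows one way a defender can look for the chain described above in process-creation telemetry: an Office application spawning a process that hosts the IE rendering engine, followed by that process launching something new (the delivered payload). The event format, field names, the set of IE-engine host processes and the sample events are all assumptions made for illustration, not telemetry from this campaign.

```python
"""Correlate process-creation events for the Office -> IE-engine -> payload chain.

Added example, not from the original article. The event layout below is an
assumed, simplified form of a process-creation record (time pid ppid image
"command line"); real EDR or Sysmon fields differ.
"""
import re

# Constructed sample events (not real telemetry). Process 2200 stands in for
# the user's shell, which is not itself in the sample.
SAMPLE_EVENTS = """\
2018-04-20T10:03:01Z 4120 2200 WINWORD.EXE "WINWORD.EXE C:\\Users\\u\\Downloads\\invoice.docx"
2018-04-20T10:03:03Z 4188 4120 iexplore.exe "iexplore.exe http://landing.example.invalid/"
2018-04-20T10:03:09Z 4302 4188 update.exe "C:\\Users\\u\\AppData\\Local\\Temp\\update.exe"
2018-04-20T10:04:00Z 5000 2200 iexplore.exe "iexplore.exe https://intranet.example.invalid/"
2018-04-20T10:05:00Z 5100 4120 winword.exe "winword.exe /n"
"""

EVENT_RE = re.compile(
    r'^(?P<ts>\S+) (?P<pid>\d+) (?P<ppid>\d+) (?P<image>\S+) "(?P<cmdline>[^"]*)"$'
)

# Office applications that open attachments; assumed list.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe"}
# Processes that host the IE rendering engine; assumed list for illustration.
IE_ENGINE_HOSTS = {"iexplore.exe", "mshta.exe"}


def parse_events(text):
    """Parse the simplified event lines into dicts; skip lines that do not match."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["pid"] = int(ev["pid"])
        ev["ppid"] = int(ev["ppid"])
        ev["image"] = ev["image"].lower()  # case-insensitive image comparison
        events.append(ev)
    return events


def find_office_to_ie_chains(events):
    """Return one finding per IE-engine host process whose parent is an Office app.

    Each finding carries the stage-1 event (Office -> IE-engine host) and any
    processes the IE-engine host itself launched, which in the described chain
    is where the delivered malware would first execute.
    """
    by_pid = {e["pid"]: e for e in events}
    findings = []
    for e in events:
        parent = by_pid.get(e["ppid"])
        if parent is None:
            continue
        if parent["image"] in OFFICE_APPS and e["image"] in IE_ENGINE_HOSTS:
            children = [c for c in events if c["ppid"] == e["pid"]]
            findings.append({"stage1": e, "dropped": children})
    return findings


if __name__ == "__main__":
    for f in find_office_to_ie_chains(parse_events(SAMPLE_EVENTS)):
        s1 = f["stage1"]
        print(f"{s1['ts']} Office-spawned IE engine host pid={s1['pid']} cmd={s1['cmdline']!r}")
        for c in f["dropped"]:
            print(f"  -> launched pid={c['pid']} image={c['image']} cmd={c['cmdline']!r}")
```

Only the Office-spawned iexplore.exe (pid 4188) and its child update.exe are reported; the user's own iexplore.exe session and Word re-launching itself are not, because the rule keys on the parent-child pairing rather than on the presence of any single process name.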
The Qihoo 360 Core team said the zero-day uses a so-called “double kill” vulnerability that affects the latest versions of Internet Explorer and any other applications that use the IE kernel.
We uncovered an IE 0day vulnerability that has been embedded in a malicious MS Office document, targeting limited users by a known APT actor. Details reported to MSRC @msftsecresponse
— 360 Core Security (@360CoreSec) 20 April 2018
Affected products:
- Internet Explorer – all versions
- Applications that use the IE kernel