Internet Explorer Zero-Day Exploit

CERT.be Advisory #2018-013
Version: 1.0
CVSS: -
Affected software: Internet Explorer, including the latest versions, and applications that use its HTML rendering engine (such as Microsoft Word)
Type: remote code execution

Sources

- https://securityboulevard.com/2018/04/internet-explorer-zero-day-exploit...
- https://www.bleepingcomputer.com/news/security/internet-explorer-zero-da...

Risks

CERT.be recommends that systems administrators install the latest updates for all affected software listed in this advisory. The vulnerability presents the following risk: remote code execution.

Summary

Researchers from Chinese internet security firm Qihoo 360 have uncovered a sophisticated targeted attack which, according to them, exploits an unpatched vulnerability in Microsoft’s Internet Explorer browser. The vulnerability, named by Qihoo 360 “double kill,” is supposedly located in Internet Explorer but is exploited through a Microsoft Word document with a malicious embedded web page. The vulnerability affects not only the latest versions of Internet Explorer but also the applications that make use of its HTML rendering engine such as Microsoft Word, according to the company’s researchers.

Remediation

Microsoft has released a software update that addresses the vulnerability described in this advisory.