Why Are You Still Using IE? Double Kill Is Just the Latest Issue

save
Share and earn Cybytes
Facebook Twitter LinkedIn Email

Microsoft’s legacy browser Internet Explorer (IE) has been used for almost three decades, but not without issues. IE has been so plagued with security problems that Microsoft built a new, more secure browser called Edge. But there are still some issues. Edge’s forward-leaning technology doesn’t support some of IE’s legacy capabilities. For that reason, IE still comes installed on all Windows operating systems. So, once again, IE has been exploited by attackers, as discovered and observed in the wild by the Chinese security firm Qihoo 360. They’re calling this new zero-day vulnerability Double Kill. The firm believes this is an advanced persistent threat (APT) aimed at achieving ongoing access to targeted systems.

Impact assessment

Technical details and a POC have not been released at this time. However, Qihoo 360 has stated that Double Kill involves an IE vulnerability which uses Microsoft Word documents (usually sent as an email attachment) as the attack vector. Qihoo 360 also states that the document contains some unspecified sort of shellcode. Internet Explorer is somehow opened in the background processes, which leads to an executable program being downloaded and executed – without any visible warning to the user. Opening malicious documents with Double Kill allows attackers to control victims’ computers without their knowledge, making ransomware infection, eavesdropping and data leakage convenient and stealthy.

Vulnerability details

These types of attacks typically begin with spear phishing attempts, a type of email-spoofing attack that targets specific organizations or individuals. If successful, an individual may unknowingly activate malware embedded within attached Word documents, believing they are from a trusted source. In many attack scenarios, attackers get in and get out quickly to avoid detection. With an APT, the goal of the attacker is to achieve ongoing access.

Exploitation

The Word document in question doesn’t automatically download to the computer, and requires interaction on behalf of the user. Users must be on IE, and they must open the infected file, which would then launch a malicious webpage. The malware then uses a user account control bypass and file steganography, or what is called the embedding of a file, message or image within another file, message or image.

Urgently required actions

Stop using IE. Microsoft has not released a statement or any patches at this time. If, for some reason, you need to continue using IE, follow IT security best practices.

Tenable® has developed several Nessus® and NNM plugins for IE, which can help you discover, identify and assess potential vulnerabilities in the legacy browser.

Get more information:

Share this post and earn Cybytes
Facebook Twitter LinkedIn Email
Follow
1612 Followers
About Tenable
Tenable™, Inc. is the Cyber Exposure company. Over 24,000 organizations of all sizes around the globe rely on Tenable to manage and measure their modern attack surface to accurately understand and reduce cyber risk. As the creator of Nessus®, Tenable built its platform from the ground up to deeply understand assets, networks and vulnerabilities, extending this knowledge and expertise into Tenable.io™ to deliver the world’s first platform to provide live visibility into any asset on any computing platform. Tenable customers include over 50 percent of the Fortune 500, large government agencies and organizations across the private and public sectors. Learn more at tenable.com.
Promoted Content
Five Steps to Building a Successful Vulnerability Management Program
Is your vulnerability management program struggling? Despite proven technology solutions and the best efforts of IT teams, unresolved vulnerabilities remain an ongoing source of friction and frustration in many organizations. Regardless of how many vulnerabilities are fixed, there will always be vulnerabilities that can’t easily be remediated – and too often, finger-pointing between IT teams and business groups can ensue.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Support Cybrary

Donate Here to Get This Month's Donor Badge

 
Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?

Continue
Cancel