LTS Secure Warning: Multiple window machines vulnerable to remote code execution

Windows VBScript Engine enables hackers to perform a remote code execution on the target machine. The vulnerability can corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.

Technical Details

An attacker who successfully released the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker can then install programs, monitor the user activity, can make changes in the system, or create new accounts with full user rights.

  • Web-based attack – an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website.
  • Compromised websites – websites that accept or host user-provided content or advertisements. These websites could contain specially crafted content that could exploit the vulnerability.

Impact

This vulnerability affects all the versions of the Windows and Windows Server.

Recommended Actions

  • Run all software as a non-privileged user with minimal access rights.
  • Deploy network intrusion detection systems to monitor network traffic for malicious activity.
  • Do not accept or execute files from untrusted or unknown sources.
  • Do not follow links provided by unknown or untrusted sources.
  • Implement multiple redundant layers of security.

 

Microsoft has released a security advisory CVE-2018-8174 on May 8, 2018.