Netpluz Security Advisory

Netpluz Security Advisory: Microsoft Vulnerabilities – “Double Kill”

 

May 11, 2018

Dear Valued Customers,

We have received an advisory about Microsoft Vulnerabilities classified as CRITICAL, where hackers exploited the its Operating System and other products – VBScript Engine.

This flaw allows an attacker to remotely take control of an affected system. The exploit could be delivered through malicious Office documents or links in emails that force the URL contents to be loaded in Internet Explorer.

Affected Product:

CVE-2018-8174
All currently supported versions of Windows, including:
Windows 7, 8.1, RT 8.1, 10
Windows Server 2008, 2012, 2016

CVE-2018-8120
Windows 7
Windows Server 2008
Windows Server 2008 R2

Impact:

CVE-2018-8120
Successful exploitation of the flaw can allow attackers to execute arbitrary code in kernel mode, eventually allowing them to install programs or malware; view, edit or delete data; or create new accounts with full user rights.

CVE-2018-8174
Users with administrative privileges could be heavily impacted as an attacker successfully exploiting the vulnerability could take control of an affected system, allowing them to install programs or malware. However, even for normal users that are logged on, attackers may still be able to chain exploits on CVE-2018-8174 with CVE-2018-8120 to escalate their privileges.

Recommendations:

Users are recommended to download and install the security updates for CVE-2018-8174 and CVE-2018-8120 from Microsoft via the links provided.
Do not click on any unverified links and do not open attachments from suspicious emails.

Reference:

https://thehackernews.com/2018/05/microsoft-patch-tuesday.html
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8120
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8174

Please feel free to email us at noc@netpluz.asia or contact us 1800-NETPLUZ (1800-638-7589) if you require any further assistance.

Thank you.

Network Operations Center
Netpluz Asia Pte Ltd