Netpluz Security Advisory: Microsoft Vulnerabilities – “Double Kill”
May 11, 2018
Dear Valued Customers,
We have received an advisory about Microsoft Vulnerabilities classified as CRITICAL, where hackers exploited the its Operating System and other products – VBScript Engine.
This flaw allows an attacker to remotely take control of an affected system. The exploit could be delivered through malicious Office documents or links in emails that force the URL contents to be loaded in Internet Explorer.
All currently supported versions of Windows, including:
Windows 7, 8.1, RT 8.1, 10
Windows Server 2008, 2012, 2016
Windows Server 2008
Windows Server 2008 R2
Successful exploitation of the flaw can allow attackers to execute arbitrary code in kernel mode, eventually allowing them to install programs or malware; view, edit or delete data; or create new accounts with full user rights.
Users with administrative privileges could be heavily impacted as an attacker successfully exploiting the vulnerability could take control of an affected system, allowing them to install programs or malware. However, even for normal users that are logged on, attackers may still be able to chain exploits on CVE-2018-8174 with CVE-2018-8120 to escalate their privileges.
Users are recommended to download and install the security updates for CVE-2018-8174 and CVE-2018-8120 from Microsoft via the links provided.
Do not click on any unverified links and do not open attachments from suspicious emails.
Please feel free to email us at firstname.lastname@example.org or contact us 1800-NETPLUZ (1800-638-7589) if you require any further assistance.
Network Operations Center
Netpluz Asia Pte Ltd