Cyber Attacks: Security Vulnerabilities Patched 5 Years Ago Are Still Actively Exploited

Microsoft Office security vulnerabilities that have been known for years are still being actively exploited. Cyber attackers use them to infect PCs with malware.

More proof that software security updates should always be installed as soon as possible.

Return of SmokeLoader

Cybersecurity researchers at Fortinet have found unpatched security vulnerabilities being used to distribute SmokeLoader.

Once installed on Windows computers, this form of malware spreads other malware, including Trickbot, as well as various backdoors and trojans.

The two vulnerabilities in question are almost five years old, but the fact that they are used to distribute SmokeLoader shows that they are still effective.

Patches have been available for five years

The first is CVE-2017-0199, a vulnerability in Microsoft Office that first surfaced in 2017. It allows attackers to download and run PowerShell scripts on compromised networks, giving them additional access to systems.

The second is CVE-2017-11882, a stack buffer overflow vulnerability in Microsoft Office that allows remote code execution.

Security fixes for both vulnerabilities have been available since their public disclosure five years ago.

Phishing to infect victims’ computers

As with many other malware campaigns, the attackers use phishing emails to lure their victims.

In this case, the researchers explain how a phishing email asks the recipient to review a purchase order and delivery time and confirm that they are accurate. The email tries to look as legitimate as possible by including a full signature with the appropriate contact details.

To see the purchase order, the user is prompted to open a "protected" Microsoft Office document and is asked to enable the editing option in order to view it. In fact, this click allows the malicious document to execute the code needed to exploit the vulnerabilities and infect the victim's device with malware.

Cybercriminals are looking for vulnerable systems

“Despite the fact that CVE-2017-0199 and CVE-2017-11882 were discovered in 2017, they are still actively used in this and other malware campaigns,” warns James Slaughter, Senior Threat Engineer at Fortinet.

“This shows that malware operators are still getting their way by relying on outdated vulnerabilities, often years after they were discovered, and betting on the fact that vulnerable solutions are not patched,” he adds.

Unpatched security vulnerabilities remain one of the most common attack vectors for cybercriminals, many of whom actively scan the Internet for vulnerable systems and servers. Therefore, it is critical that organizations apply security updates as quickly as possible to prevent malware attacks.

Beware of Trickbot

Fortinet researchers noted that SmokeLoader was used to spread Trickbot, which is commonly used to distribute ransomware and other cyber threats that can be extremely destructive.

The best way to avoid becoming a victim of SmokeLoader and other such campaigns is to install security patches.

Moreover, in this case, patches have been available for years…
