The previous CVEs were reportedly used by North Korean nation-state-sponsored attack groups. Microsoft mentioned in its report that this latest CVE was also used in targeted attacks, which raises the question of whether the same group was involved in this attack. While zero-days are typically used in targeted attacks, once technical details start to emerge about this particular vulnerability, we expect it to be incorporated into all the exploit kits to launch widespread malware campaigns. We will provide more technical details on this specific vulnerability and the malware used as we continue our research and get additional details.
Customers using Menlo Isolation integrated with their existing edge, or Menlo as the SWG to isolate all websites, are completely protected from the CVEs mentioned in the report and all zero-day attacks.
Menlo customers can rest easy this holiday season. There’s no need to go scrambling to patch browsers, as Menlo Security’s isolation approach completely thwarts this attack.