A series of zero-day attacks seems to be a leading indicator of what's in store for IE in 2019! Just in time for the holidays, Microsoft issued an emergency out-of-band (OOB) patch for CVE-2018-8653, which they believe has been used in "targeted attacks," sending many administrators scrambling. More details can be found at the link, but essentially the flaw is in the scripting engine responsible for parsing and executing JavaScript in all Internet Explorer versions, leaving every unpatched Windows machine exposed to this zero-day vulnerability. Two additional zero-day attacks targeting the IE scripting engine were reported in 2018: CVE-2018-8174 and CVE-2018-8373, patched in May and August, respectively.
The previous CVEs were reportedly used by North Korean nation-state-sponsored attack groups. Microsoft mentioned in their report that this latest CVE was also used in targeted attacks, which raises the question of whether the same group was involved with this attack. While zero-days are typically used in targeted attacks, once technical details start to emerge about this particular vulnerability, we expect it to be incorporated into the exploit kits and used to launch widespread malware campaigns. We will provide more technical details on this specific vulnerability and the malware used as we continue our research and get additional details.
How does Menlo protect you?
Customers using Menlo Isolation integrated with their existing edge, or Menlo as the SWG to isolate all websites, are completely protected from the CVEs mentioned in the report and all zero-day attacks.
Menlo’s unique architectural approach executes web pages on isolated browsers in its cloud, and all active content (JavaScript, Flash, VBScript) is fetched and executed there. Menlo then mirrors the rendering information to the end-user’s machine using its patented technology, prohibiting these malicious attacks from reaching the end user.
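To make the isolation boundary described above concrete, here is a small Python model added for this post; it is not Menlo's code and does not reproduce their patented rendering technology. The "isolated side" parses a page with the standard library's HTMLParser and emits only a passive render stream (text runs and layout breaks); the "endpoint" consumes that stream and has nothing to execute. The element lists, the op format, and the sample page are all constructed assumptions for the model. A real isolated browser would actually run the script and plugin content remotely; the point the model shows is what crosses the mirror channel and what does not.

```python
"""Toy model of a browser-isolation boundary (constructed example, not Menlo's code).

The isolated side turns HTML into a render stream of ("text", ...) and
("break", "") ops. Script bodies, VBScript, Flash <object>/<embed> payloads and
inline event-handler attributes are consumed there and never reach the endpoint.
"""
from html.parser import HTMLParser
from typing import List, Tuple

# Elements whose content is active code or a plugin payload (assumed list for
# this model): their bodies stay on the isolated side.
ACTIVE_ELEMENTS = {"script", "object", "embed", "applet", "iframe"}
# Elements that become a layout instruction for the endpoint (assumed list).
BLOCK_ELEMENTS = {"p", "div", "h1", "h2", "h3", "li", "br", "tr"}

RenderOp = Tuple[str, str]  # ("text", "<run of text>") or ("break", "")


class IsolatedRenderer(HTMLParser):
    """Runs on the isolated side: converts HTML into a passive render stream."""

    def __init__(self) -> None:
        super().__init__(convert_charrefs=True)
        self.ops: List[RenderOp] = []
        self._suppress_depth = 0  # > 0 while inside an active element

    def handle_starttag(self, tag, attrs):
        if tag in ACTIVE_ELEMENTS:
            self._suppress_depth += 1  # an unclosed active element suppresses the rest (fail closed)
            return
        # Inline handlers such as onload= / onclick= are attributes; they are
        # simply never copied into the render stream.
        if tag in BLOCK_ELEMENTS and self._suppress_depth == 0:
            self.ops.append(("break", ""))

    def handle_startendtag(self, tag, attrs):
        # Self-closing forms such as <br/>.
        if tag in ACTIVE_ELEMENTS:
            return
        if tag in BLOCK_ELEMENTS and self._suppress_depth == 0:
            self.ops.append(("break", ""))

    def handle_endtag(self, tag):
        if tag in ACTIVE_ELEMENTS and self._suppress_depth > 0:
            self._suppress_depth -= 1

    def handle_data(self, data):
        if self._suppress_depth:
            return  # script / plugin body never leaves the isolated side
        text = " ".join(data.split())
        if text:
            self.ops.append(("text", text))


def render_isolated(html: str) -> List[RenderOp]:
    """Isolated side: produce the stream that is mirrored to the endpoint."""
    renderer = IsolatedRenderer()
    renderer.feed(html)
    renderer.close()
    return renderer.ops


def apply_on_endpoint(ops: List[RenderOp]) -> str:
    """Endpoint side: draw text and breaks only; unknown ops are rejected."""
    lines: List[str] = [""]
    for kind, payload in ops:
        if kind == "break":
            if lines[-1]:
                lines.append("")
        elif kind == "text":
            lines[-1] = (lines[-1] + " " + payload).strip()
        else:
            raise ValueError(f"unknown render op {kind!r}")  # fail closed
    return "\n".join(line for line in lines if line)


def stream_is_passive(ops: List[RenderOp]) -> bool:
    """Mirror-channel check: only text/break ops, and no markup in any payload."""
    return all(kind in ("text", "break") and "<" not in payload
               for kind, payload in ops)


# Constructed sample page: benign text plus the three active-content kinds the
# post names (JavaScript, VBScript, Flash via <object>) and an inline handler.
SAMPLE_PAGE = """
<html><body onload="boom()">
<h1>Holiday deals</h1>
<p>Welcome, shopper.</p>
<script>var x = "jscript payload"; eval(x);</script>
<script language="VBScript">MsgBox "vbs payload"</script>
<object type="application/x-shockwave-flash" data="ad.swf"><param name="movie" value="ad.swf"></object>
<p>Offer ends <br/> soon.</p>
</body></html>
"""

if __name__ == "__main__":
    stream = render_isolated(SAMPLE_PAGE)
    print(apply_on_endpoint(stream))
```

Running it prints the four visible text lines of the sample page and nothing else; the script bodies, the Flash object, and the onload handler are absent from the stream that reaches the endpoint, which is the property the isolation architecture relies on.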
Menlo customers can rest easy this holiday season. There’s no need to go scrambling to patch browsers, as Menlo Security’s isolation approach completely thwarts this attack.