Microsoft fixed new critical rated vulnerability in IE browser

Ray Valladares • May 14, 2018

Attackers could exploit the vulnerability by hosting an exploit on a website .

On Tuesday May 8, 2018 Microsoft released patches for two Windows vulnerabilities, that according to researchers allow attackers to install malicious apps on the computers of unwitting users.

The first vulnerability is in the VBScript Engine included in all currently supported versions of Windows. When Windows users are logged in as the admin, attackers could take complete control of the system. In the event users are logged in as a standard user with limited rights, attackers may be able to exploit separate vulnerabilities.

CVE-2018-8174, discovered by antivirus provider Kaspersky Lab reported observing the following exploit:

  • Targets receive a malicious RTF Microsoft Office document
  • After being opened, the malicious document causes the second stage of the exploit to be downloaded in the form of an HTML page with malicious code
  • The malicious code triggers the use-after-free memory-corruption bug
  • Accompanying shellcode then downloads and executes a malicious payload

Kaspersky Lab security researcher Anton Ivanov wrote the following in an email:

This technique, until fixed, allowed criminals to force Internet Explorer to load, no matter which browser one normally used–further increasing an already huge attack surface... We urge organizations and private users to install recent patches immediately, as it won't be long before exploits to this vulnerability make it to popular exploit kits and will be used not only by sophisticated threat actors but also by standard cybercriminals.

In an advisory published Tuesday , Microsoft officials indicated attackers could also exploit the vulnerability by hosting an exploit on a website or in website ads and tricking a target to view the malicious content with the IE browser. Microsoft is rating CVE-2018-8174 as a "critical," which is the company's highest severity rating.

Microsoft fixed new critical rated vulnerability in IE browser.

March Dates for Social Media

By Ray Valladares March 2, 2020
March Dates for Social Media Searching for some idea's to fill your automated Social Pilot Calendar ? No problem, we've got you covered. From National Employee Appreciation Day to the First Day of Spring, here are seven dates in March to help your social media campaigns.

Take Control of Your Social Media

By Ray Valladares March 1, 2020
Social Media Scheduling for Posting Strategically Plan the work and work the plan! We've practiced our motto since early on in our professional careers and continue to do so today while managing our small business. We believe in developing a cost effective strategy that not only saves you time, but rewards you with valuable and insightful data. Scheduling your social media posts will significantly Make A Difference in your business and personal life. Your time is valuable so let's get right into my 4 Top reasons why we Use and Recommend Social Pilot . Clear View of Your Schedule; easily schedule and edit posts to Facebook, Google My Business, and many other sites from ONE calendar! No more jumping between sites to post your content.

TLS Update

By Ray Valladares February 23, 2020
The Amazon Web Services that we are using for our client websites have been updated to the latest TLS technologies to keep our customers’ websites fast, secure and modern. Website visitors will now be connecting to the website using TLS 1.3. This improved protocol speeds up the time it takes to connect to the website through a secure connection. If you aren't familiar, TLS stands for Transport Layer Security, which was first released as TLS 1.0 in 1999 and since then, TLS has been the standard of what’s used on the web. TLS 1.3 is a step forward and is the first major industry improvement in over 10 years (TLS 1.2 was released in August 2008). This update is just one of several improvements scheduled for 2020. If your small business is considering updating your website, reach out and contact us , we'd love to hear from you and learn about your business.