Zero-Day Attack Affects Windows Through Dangerous Word Document

Freshly disclosed weaknesses in code from Adobe and Microsoft need immediate attention. According to its May 2018 security report, Microsoft is fixing around sixty-seven distinct flaws in its software.

Twenty-one of the fixes address critical issues, meaning attackers can exploit them remotely to run malicious code on the vulnerable system. Four of the fixes are rated low priority, while the remaining forty-two are rated important.

The vulnerable software includes the Internet Explorer and Microsoft Edge browsers, as well as Outlook, Exchange and Office. One of the most glaring errors is a “use after free” flaw in the Windows VBScript engine, which can be used to coerce Internet Explorer into loading and executing code.

Kaspersky Lab, a Moscow-based security company, first discovered the CVE-2018-8174 flaw in April and informed Microsoft. The flaw affects Windows Server 2016, Windows RT, Windows Server 2012, Windows Server 2008, Windows 10, Windows 8.1 and Windows 7. Kaspersky Lab experts maintained that the exploit was found in the wild and was used by an APT actor.

An Estonian international company defines APT as an advanced persistent threat: a long-term cyber operation in which the hacker uses several strategies to get the required data about the target. Experts from Kaspersky Lab stated that the flaw was discovered after their sandbox service automatically reported the exploit.

Some people had already started using the exploit, along with malware-scanning software, on April 18. The zero-day attack targeted victims through malicious Microsoft Word documents.

Patch Error Warning For Users:

According to security professionals, it is important for businesses and individual Windows users to resolve this flaw immediately. This is the first time an IE exploit has been loaded through a URL Moniker, and many malware authors are expected to make heavy use of this technique in the future.

With this technique, it is easy to load and render a web page using the IE engine. It works even if the default browser on the affected system is set to something else. According to Microsoft, the flaw can also be exploited through a compromised or malicious web page.

In a web-based attack scenario, a hacker could host a specially crafted website. This website is designed to exploit the weakness via IE and then convince the user to act. Malvertising, or malicious advertising, is another way the flaw can be exploited.

Websites that host or accept user-provided advertisements or content may also give hackers the opportunity to attack, because such pages may carry content that can exploit the weakness.

Attack Flow:

The attack follows a pattern that defenders should be able to detect quickly. The stages of the attack flow are listed below.

1. A use after free is triggered from the VBScript code. This memory-corruption weakness is used to run shellcode.

2. A second-stage exploit is downloaded when the victim opens the affected document. It usually takes the form of an HTML document containing VBScript code.

3. The victim receives a malicious Microsoft Word file in RTF format containing an OLE object. This object uses a URL Moniker to force IE to load the web page.
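As a triage aid for the delivery stage described above, the following added example (not code from Kaspersky Lab or Microsoft) decodes the `\objdata` hex in an RTF file and reports any URL bound to a URL Moniker. The CLSID value, the function names, the sample document and the `example.test` URL are assumptions introduced for this example, and the sketch does not undo control-word obfuscation inside the hex run.

```python
import re
import struct

# CLSID_StdURLMoniker {79EAC9E0-BAF9-11CE-8C82-00AA004BA90B} in its on-disk
# byte order (first three GUID fields are little-endian). Not from the page.
URL_MONIKER_CLSID = bytes.fromhex("E0C9EA79F9BACE118C8200AA004BA90B")
OBJDATA = re.compile(r"\\objdata(?![A-Za-z])([^{}\\]*)")
UTF16_URL = re.compile(rb"h\x00t\x00t\x00p\x00(?:[\x21-\x7e]\x00)+")

def extract_objdata(rtf):
    """Decode the hex payload of every \\objdata group in an RTF string."""
    blobs = []
    for match in OBJDATA.finditer(rtf):
        # Whitespace and line breaks inside the hex run are legal; drop them.
        hex_text = re.sub(r"[^0-9A-Fa-f]", "", match.group(1))
        blobs.append(bytes.fromhex(hex_text[: len(hex_text) // 2 * 2]))
    return blobs

def find_url_monikers(rtf):
    """Return every URL that follows a URL Moniker CLSID in embedded OLE data."""
    urls = []
    for blob in extract_objdata(rtf):
        pos = blob.find(URL_MONIKER_CLSID)
        while pos != -1:
            # The moniker stores its target as a UTF-16LE string after the CLSID.
            hit = UTF16_URL.search(blob, pos + 16, pos + 16 + 4096)
            if hit:
                urls.append(hit.group(0).decode("utf-16-le"))
            pos = blob.find(URL_MONIKER_CLSID, pos + 16)
    return urls

def build_sample():
    """Constructed sample: a minimal RTF whose OLE data holds a URL Moniker."""
    url = "http://example.test/stage2.html".encode("utf-16-le") + b"\x00\x00"
    ole = b"\x01\x05\x00\x00" + URL_MONIKER_CLSID + struct.pack("<I", len(url)) + url
    hex_lines = "\n".join(re.findall(".{1,32}", ole.hex()))
    return r"{\rtf1{\object{\*\objdata " + hex_lines + "}}}"

if __name__ == "__main__":
    for url in find_url_monikers(build_sample()):
        print("URL Moniker target:", url)
```

A hit means the document will ask the IE engine to fetch that URL when the object is loaded, so the file and the URL both merit further analysis.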


The weakness itself lies in VBScript, even though a Word document is what initially delivers the attack. Understanding the information above will help you recognize the problem before and after it occurs, and avoid it in the future.
