Microsoft has released a patch to address a vulnerability in the Windows VBScript Engine. Double Kill, also known as CVE-2018-8174 1, has been actively exploited in the wild by a limited number of threat actors. If successfully exploited, Double Kill will give the threat actor the same permissions as the compromised user. Proof of concept (PoC) code has been released for this vulnerability, increasing the likelihood of additional threat actors exploiting the vulnerability 2

What we’re doing about it

  • esNETWORK rules have been deployed to detect active exploitation attempts
  • The eSentire Threat Intelligence team is actively monitoring the situation for changes.

What you should do about it

  • After a business impact review, apply Microsoft patches from the most recent ‘patch Tuesday’ (May 8, 2018)
  • Implement the concept of Least-Privilege to limit potential damage
  • Ensure employees are aware of ongoing email and web-based threats

Additional information

DoubleKill affects a wide variety of Windows products that use the VBScript Engine; for a full list, see the Affect Products section of the official Windows release 1.

This vulnerability is caused by a failure in the way the VBScripts engine handles objects in memory. From initial assessments it appears that delivery of this exploit may occur through both phishing attempts and web-based attacks.

[1] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8174

[2] https://securelist.com/root-cause-analysis-of-cve-2018-8174/85486/

eSentire Media Contacts

Rebecca Freiburger | eSentire | [email protected]

Angela Tuzzo | MRB Public Relations | [email protected] | +1 732.758.1100 x105 | @MRB_PR

Ready to start the conversation about cybersecurity?

Let's Talk