Intercept X defends against SettingsContent-ms abuse (video)

SophosLabs Uncut, CVE-2018-8414, exploit, Powershell, SettingsContent-ms, vulnerability

Even using an older version of our anti-exploit technology will protect you if you open a malicious document with the CVE-2018-8414 exploit embedded in it


By Andrew Brandt

Last week, Microsoft released an update that fixes, among other things, an exploitable vulnerability that criminals were actively using to try to infect computers with malware. The exploit, tracked as CVE-2018-8414, involves embedding specially crafted XML into an Office document, which (when opened) invokes PowerShell to download and execute a remotely hosted malicious payload.

After the patch for this so-called SettingsContent-ms vulnerability was released, engineering director Mark Loman produced a short video showing how the exploit works and how even a two-year-old installation of Sophos’ Intercept X anti-exploit tool prevents the exploit from functioning, protecting a machine where the user may accidentally try to open a malicious Office document.
