
Intercept X defends against SettingsContent-ms abuse (video)

Even using an older version of our anti-exploit technology will protect you if you open a malicious document with the CVE-2018-8414 exploit embedded in it

By Andrew Brandt

Last week, Microsoft released an update that fixes, among other things, an exploitable vulnerability that criminals were actively using to try to infect computers with malware. The exploit, tracked as CVE-2018-8414, involves embedding specially crafted XML into an Office document, which (when opened) invokes PowerShell to download and execute a remotely hosted malicious payload.

After the patch for this so-called SettingsContent-ms vulnerability was released, engineering director Mark Loman produced a short video showing how the exploit works, and how even a two-year-old installation of Sophos’ Intercept X anti-exploit tool prevents the exploit from functioning, and protects a machine where the user may accidentally try to open a malicious Office document.
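
A defender-side triage check for the embedding described above, as an added example that is not Sophos or Microsoft code: it scans each part of an Office file for traces of an embedded settings shortcut and notes whether the same part mentions PowerShell. The marker strings, function names and the inert sample document are assumptions constructed for illustration.

```python
import io
import zipfile

# Markers chosen for this example (not Sophos detection logic); the page's
# "SettingsContent-ms" spelling is included alongside the file extension.
SHORTCUT_MARKERS = ("settingcontent-ms", "settingscontent-ms", "<pcsettings")
INTERPRETER_MARKERS = ("powershell",)
MAX_PART = 50 * 1024 * 1024  # skip oversized members instead of inflating them


def _hits(blob, tokens):
    # Case-insensitive match in ASCII and UTF-16LE: embedded-object streams
    # may carry names and content in either encoding.
    low = blob.lower()
    return [t for t in tokens
            if t.encode("ascii") in low or t.encode("utf-16-le") in low]


def scan_office_file(data):
    """Return one finding per document part that carries a shortcut marker."""
    parts = {"<raw file>": data}  # legacy binary formats are scanned whole
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            parts = {i.filename: zf.read(i) for i in zf.infolist()
                     if i.file_size <= MAX_PART}
    findings = []
    for name, blob in parts.items():
        markers = _hits(blob, SHORTCUT_MARKERS)
        if markers:
            findings.append({"part": name, "markers": markers,
                             "mentions_powershell": bool(_hits(blob, INTERPRETER_MARKERS))})
    return findings


def build_sample(with_embedding):
    """Constructed, inert OOXML-style container used only to exercise the scan."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("word/document.xml", "<w:document>Quarterly report</w:document>")
        if with_embedding:
            zf.writestr("word/embeddings/oleObject1.bin",
                        b"\x02\x00report.SettingContent-ms\x00<PCSettings>"
                        b"<!-- placeholder: powershell.exe --></PCSettings>")
    return buf.getvalue()


if __name__ == "__main__":
    for with_embedding in (True, False):
        print(with_embedding, scan_office_file(build_sample(with_embedding)))
```

This is a byte-level heuristic for mail-gateway or file-share triage: a hit means the document deserves a closer look, not that it is malicious, and a clean result does not replace patching.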
