Intercept X defends against SettingsContent-ms abuse (video)

Even using an older version of our anti-exploit technology will protect you if you open a malicious document with the CVE-2018-8414 exploit embedded in it

Written by Andrew Brandt

August 21, 2018

SophosLabs Uncut CVE-2018-8414 explit Powershell SettingsContent-ms vulnerability

By Andrew Brandt

Last week, Microsoft released an update that fixes, among other things, an exploitable vulnerability that criminals were actively using to try to infect computers with malware. The exploit, which was given the code name CVE-2018-8414, involves embedding specially-made XML into an Office document, which (when opened) invokes Powershell to download and execute a remotely-hosted malicious payload.

After the patch for this so-called SettingsContent-ms vulnerability was released, engineering director Mark Loman produced a short video showing how the exploit works, and how even a two-year-old installation of Sophos’ Intercept X anti-exploit tool prevents the exploit from functioning, and protects a machine where the user may accidentally try to open a malicious Office document.

About the Author

Andrew Brandt

Sophos X-Ops Principal Researcher Andrew Brandt blends a 20-year journalism background with deep, retrospective analysis of malware infections, ransomware, and cyberattacks as the editor of SophosLabs Uncut. His work with the Labs team helps Sophos protect its global customers, and alerts the world about notable criminal behavior and activity, whether it's normal or novel. Follow him at @threatresearch@infosec.exchange on Mastadon for up-to-the-minute news about all things malicious.

Read Similar Articles

May 24, 2021

Intercept X defends against SettingsContent-ms abuse (video)

Andrew Brandt

Read Similar Articles

What to expect when you’ve been hit with Avaddon ransomware

What’s New in Sophos EDR 4.0

Sophos XDR: Driven by data

Leave a Reply Cancel reply