Intercept X defends against SettingsContent-ms abuse (video)


Even using an older version of our anti-exploit technology will protect you if you open a malicious document with the CVE-2018-8414 exploit embedded in it

SophosLabs Uncut

By Andrew Brandt

Last week, Microsoft released an update that fixes, among other things, an exploitable vulnerability that criminals were actively using to try to infect computers with malware. The exploit, which targets the vulnerability identified as CVE-2018-8414, involves embedding specially crafted XML into an Office document, which (when opened) invokes PowerShell to download and execute a remotely hosted malicious payload.

After the patch for this so-called SettingsContent-ms vulnerability was released, engineering director Mark Loman produced a short video showing how the exploit works and how even a two-year-old installation of Sophos’ Intercept X anti-exploit tool prevents it from functioning, protecting a machine where the user may accidentally try to open a malicious Office document.
