Sophos News

Intercept X defends against SettingsContent-ms abuse (video)

By Andrew Brandt

Last week, Microsoft released an update that fixes, among other things, an exploitable vulnerability that criminals were actively using to try to infect computers with malware. The vulnerability, tracked as CVE-2018-8414, is exploited by embedding specially crafted XML into an Office document, which (when opened) invokes PowerShell to download and execute a remotely hosted malicious payload.

After the patch for this so-called SettingsContent-ms vulnerability was released, engineering director Mark Loman produced a short video showing how the exploit works. The video also shows how even a two-year-old installation of Sophos’ Intercept X anti-exploit tool prevents the exploit from functioning and protects a machine where the user may accidentally try to open a malicious Office document.