Windows Shell RCE: Here's another very good reason to rush to update your system. A PoC exploit has just been released for a vulnerability that allows remote implementation code,
The security gap it exists in Microsoft Edge and as you understand, after its public release it will start to be used by all would-be hackers. The vulnerability with identifier the CVE-2018-8495 there is because Windows Shell does not handle appropriate special characters that can be added to a URI.
"There are a lot of problems with the way the product handles URIs in some formats. The product does not warn the user that any dangerous navigation is taking place, ”explains the Zero Day Initiative of Trend Micro (ZDI).
The fact that the exploit can not be performed without the user performing a specific action mitigates the severity of the vulnerability.
But with the right approach, Eq. can be realizedscamtricking users into visiting a malicious page, From there things are very simple.
PoC
Abdulrahman Al-Qabandi, who discovered the error, published a PoC showing that he was able to take advantage of the security gap. He also published the exploit code who wrote about the PoC.
Al-Qabandi reported the vulnerability to Microsoft via ZDI in July, and Microsoft reportedly released it security updates who are repairing it last Tuesday.
The security gap affects operating systems: Windows 10, Windows Server 2016, and Windows Server on 1709 and 1803 builds.
_________________________
- Wi-Fi 6 what's different and why should I care?
- Windows 10: How to Change Language
- MediaHuman Audio Converter: Free Audio File Converter
- Epson Updates for non-use of third-party inks
- Chrome 62.0.3202.62 available for download
- Wireshark 2.6.4: network protocol analyzer