Overview:
Microsoft today released an out-of-band security update for a critical security issue that attackers are already using to take over Windows systems. The vulnerability was discovered by Clement Lecigne of Google's Threat Analysis Group.
This zero-day vulnerability has been assigned the identifier CVE-2018-8653 and impacts Windows Internet Explorer. It exists in the way the IE scripting engine handles objects in memory.
Successful exploitation could allow the attacker to execute arbitrary code in the current user's context. In other words, if the current user is logged in as an administrator, an attacker who succeeds in the exploitation gains the same rights as that user and can thus take control of the whole affected system. The attacker achieves this through a specially crafted website that they convince a user to view.
In the preceding four months, Microsoft has issued patches for four zero-day vulnerabilities (CVE-2018-8611, CVE-2018-8589, CVE-2018-8453, and CVE-2018-8440). If the user has missed applying any of these patches, this vulnerability coupled with any of the previous zero-days can be used to take complete control of the affected system.
Affected Products:
Internet Explorer 9
Internet Explorer 10
Internet Explorer 11
Affected OS:
Windows 7
Windows 8.1
Windows 10
Windows Server 2008 & 2008 R2
Windows Server 2012 & 2012 R2
Windows Server 2016
Windows Server 2019
Solution:
Microsoft has already released a patch that addresses this vulnerability. Use the SanerNow platform to apply the fix quickly across the network, as shown in the diagram below, or use Windows Update to install the security fix.
This vulnerability is being actively exploited by attackers to break into systems, so consider applying the solution immediately.
Workaround:
This vulnerability relies on jscript as the scripting engine. If a user is not able to patch their system due to other issues, they can use the following workaround suggested by Microsoft.
Automate Workaround with SanerNow:
1. Download the CVE-2018-8653_IE_Zero-Day_fix.zip which is attached.
2. Log in to SanerNow
3. Switch to the account/site specific view
4. Use the 'EM tool' to create an Action
5. Select 'Software Deployment' feature
6. Click on Upload, which is in the upper right corner.
7. Click on 'Open the file Browser', upload the 'CVE-2018-8653_IE_Zero-Day_fix.zip' file and click on Close.
8. Once the uploaded package is visible, click on the 'exclamation mark' as shown in the diagram below.
9. Click on edit in the newly opened window, set the silent option to /S and click on 'Update Details' as shown in the diagram below.
10. Select the uploaded package and click on install, which is in the upper right corner.
11. Select the 'Group' to which the workaround needs to be applied and click 'next'
12. Enter the required details and click on 'Create Installation task' as shown in the diagram below.
Follow the same steps using 'CVE-2018-8653_IE_Zero-Day_fix_revert.zip' to revert the workaround fix.
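To confirm on an endpoint that the workaround (or its revert) actually took effect, a local check such as the following can be run. This is an added example, not code from SecPod or Microsoft. It assumes the workaround is the one described in Microsoft's advisory for this CVE, which denies access to jscript.dll, and the function name Test-JScriptAccess is hypothetical.

```powershell
# Added example: report whether jscript.dll can still be opened by the current user.
# Assumption: the workaround works by denying access to jscript.dll, so a failed
# open with "access denied" means the workaround is in effect for this user.
# Run from a 64-bit PowerShell session on 64-bit Windows; a 32-bit session has
# System32 redirected to SysWOW64 and would test the same file twice.
function Test-JScriptAccess {
    $candidates = @(
        (Join-Path $env:windir 'System32\jscript.dll'),
        (Join-Path $env:windir 'SysWOW64\jscript.dll')   # exists on 64-bit Windows only
    )
    foreach ($path in $candidates) {
        if (-not (Test-Path -LiteralPath $path)) { continue }

        $status = 'Readable: workaround not in effect'
        $stream = $null
        try {
            # Open read-only and allow sharing so a running IE is not disturbed.
            $stream = [System.IO.File]::Open($path, 'Open', 'Read', 'ReadWrite')
        }
        catch {
            # .NET exceptions arrive wrapped; inspect the innermost one.
            $inner = $_.Exception.GetBaseException()
            if ($inner -is [System.UnauthorizedAccessException]) {
                $status = 'Access denied: workaround in effect'
            }
            else {
                $status = "Undetermined: $($inner.Message)"
            }
        }
        finally {
            if ($stream) { $stream.Dispose() }
        }

        [pscustomobject]@{ Path = $path; Status = $status }
    }
}

Test-JScriptAccess | Format-Table -AutoSize
```

The check only covers the workaround state. Whether the security update itself is installed should still be verified through Windows Update history or the patch management console.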
References:
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-8653