
"In the attack chain documented by the Windows maker, the threat actors have been found to trick unsuspecting users into visiting a seemingly legitimate website and then employ a flyout on the page to instruct them into reloading the page in IE mode. Once the page is reloaded, the attackers are said to have weaponized an unspecified exploit in the Chakra engine to obtain remote code execution."
"The activity is concerning, not least because it subverts modern defenses baked into Chromium and Microsoft Edge by launching it in a less secure state using Internet Explorer, effectively allowing the threat actors to break out of the confines of the browser and perform various post-exploitation steps, including malware deployment, lateral movement, and data exfiltration. Microsoft did not disclose any details regarding the nature of the vulnerabilities, the identity of the threat actor behind the attacks, and the scale of the efforts."
Microsoft updated Edge's Internet Explorer (IE) mode after credible reports that unknown threat actors abused the backward-compatibility feature to gain unauthorized access. Attackers combined basic social engineering, which tricked users into reloading pages in IE mode, with unpatched (0-day) vulnerabilities in Internet Explorer's Chakra JavaScript engine. After the reload, a Chakra exploit provided remote code execution and a second exploit elevated privileges out of the browser, allowing full device takeover. The technique bypassed the modern defenses of Chromium and Edge by running the page in the less secure IE state. Microsoft removed the IE-mode UI entry points and now requires explicit, case-by-case enablement.
Read at The Hacker News