Adobe and Windows Zero-day Exploits in the Wild

By Eric Noonan • May 16, 2016

The recent news of two new zero-day exploits affecting Windows and Adobe users was disconcerting for many. The Windows bug is being exploited in the wild, and users should install fixes as soon as possible. Cataloged as CVE-2016-0189, the vulnerability allows attackers to execute malicious code when vulnerable computers visit booby-trapped websites. According to Ars Technica and Symantec, many of the targeted attacks have been aimed at South Korean websites. The vulnerability exists in the JScript and VBScript engines and is exploited through Internet Explorer. According to Symantec, the exploit may have been delivered through a link included in a spear-phishing email, or through a compromised, legitimate website that redirected users to the exploit. The landing page contained JavaScript code that profiled the computer of the user visiting the site. South Korea was severely impacted by this zero-day attack, which relies heavily on Internet Explorer. Attackers often target South Korean organizations to gain remote access to their computers, steal sensitive data, or even wipe hard drives.

The Adobe bug is a recently identified Flash vulnerability that gives attackers the ability to remotely hijack machines and is currently being exploited in the wild. FireEye first reported the vulnerability on May 10. It affects Windows, Mac, Linux, and Chrome OS, and is tracked as CVE-2016-4117.

In addition to these two zero-day exploits, over 100 organizations in North America fell victim last month to a tailored spear-phishing campaign aimed at the retail, restaurant, and hospitality industries. The campaign sent emails containing variations of Microsoft Word documents with embedded macros. If enabled, the macros would download and execute a malicious downloader called PUNCHBUGGY. PUNCHBUGGY is a DLL that can interact with compromised systems and move laterally across the environment. In addition, PUNCHBUGGY could take advantage of a previously unknown elevation of privilege (EoP) exploit and of a point-of-sale memory scraping tool dubbed PUNCHTRACK by FireEye. According to FireEye, in some victim environments, “the threat actor exploited a previously unknown elevation of privilege (EoP) vulnerability in Microsoft Windows to selectively gain SYSTEM privileges on a limited number of compromised machines.”
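The macro-laden Word attachments described above are easy to spot before a user ever sees the "Enable Content" prompt: an OOXML file carries its VBA in a `vbaProject.bin` part, registered in `[Content_Types].xml`. The following Python check is an added example for a mail-gateway or triage script, not code from the original post or from FireEye; the sample packages it inspects are constructed inline and are not real Word files.

```python
import io
import zipfile

# Content type OOXML uses to register a VBA project part.
VBA_CONTENT_TYPE = "application/vnd.ms-office.vbaProject"
# Extensions that Word/Excel/PowerPoint treat as macro-free; macros inside
# one of these are a policy mismatch worth flagging on their own.
MACRO_FREE_EXTENSIONS = (".docx", ".xlsx", ".pptx")


def inspect_office_zip(data: bytes) -> dict:
    """Report macro indicators for an OOXML blob (.docx/.docm/.xlsx/...).

    Either a vbaProject.bin part or the vbaProject content type alone
    marks the package as carrying VBA.
    """
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = zf.namelist()
            ctypes = ""
            if "[Content_Types].xml" in names:
                ctypes = zf.read("[Content_Types].xml").decode("utf-8", "replace")
    except zipfile.BadZipFile:
        return {"ooxml": False, "vba_part": False, "vba_content_type": False}
    return {
        "ooxml": True,
        "vba_part": any(n.lower().endswith("vbaproject.bin") for n in names),
        "vba_content_type": VBA_CONTENT_TYPE in ctypes,
    }


def classify_attachment(filename: str, data: bytes) -> str:
    """Map an attachment to a triage verdict a gateway rule can act on."""
    r = inspect_office_zip(data)
    if not r["ooxml"]:
        return "not-ooxml"
    if not (r["vba_part"] or r["vba_content_type"]):
        return "clean"
    if filename.lower().endswith(MACRO_FREE_EXTENSIONS):
        return "macro-in-macro-free-extension"
    return "macro-enabled"


def build_sample(with_vba: bool) -> bytes:
    """Constructed minimal OOXML package for the demo (not a real Word file)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        overrides = '<Override PartName="/word/document.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"/>'
        if with_vba:
            overrides += '<Override PartName="/word/vbaProject.bin" ContentType="application/vnd.ms-office.vbaProject"/>'
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0" + b"\x00" * 16)  # constructed OLE header stub
        zf.writestr("[Content_Types].xml", '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">' + overrides + "</Types>")
        zf.writestr("word/document.xml", "<w:document/>")
    return buf.getvalue()
```

Running `classify_attachment` over real attachments requires only the file bytes and name; a verdict of `macro-enabled` or `macro-in-macro-free-extension` is where a quarantine-and-review rule would fire.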

Microsoft and Adobe have both released patches for all vulnerabilities: CVE-2016-0168, CVE-2016-0167, and CVE-2016-4117. If you haven’t yet downloaded and installed the recent fixes, please do so as soon as possible.

CyberSheath can help protect your assets. Contact us to learn more about our thorough information security assessments and other security-related program development.
