Items tagged with double kill

Yesterday was Patch Tuesday, which means that Microsoft issued a number of security updates for its operating systems and software suites. However, one particular exploit that caught our attention is already been exploited in the real world on Windows-based systems. The flaw was first discovered in the Windows VBScript engine by researchers from Qihoo 360 Core Security. For those that remember, this is the Double Kill exploit that Qihoo 360 Core Security described late last month, but it now has an official designation: CVE-2018-8174. According to Microsoft, there is a flaw in the way that the VBScript engine that allows for remote code execution. Microsoft goes on to confirm the... Read more...
If you are [for some bizarre reason] still running Microsoft's Internet Explorer web browser, you might want to take notice of a new zero-day vulnerability that is making the rounds around the globe. The exploit is called "Double Kill" and was discovered by Chinese security firm Qihoo 360. Qihoo 360 thankfully isn't divulging any technical details about Double Kill, but it does acknowledge that it has contacted Microsoft to give the company a heads up. What we do know, however, is that Double Kill involves an Internet Explorer vulnerability that uses Microsoft Word documents (usually sent an email attachment) as the attack vector.  Opening the Word document is all that is required for... Read more...