Thursday, April 11, 2019 18:18

Microsoft: WinRAR exploit gives attackers 'full control' of Windows PC


Microsoft has detailed a March attack on Windows customers in the satellite and communications sectors using "unusual, interesting techniques" that bear the hallmarks of APT group MuddyWater. The company's Office 365 ATP picked up archive (ACE) files loaded with the recently discovered WinRAR flaw, CVE-2018-20250, which has become widely used among cybercrime groups and nation-state hackers in recent months.

 The bug was co-opted for hacking after a February 20 report from Israeli security firm Check Point revealed that a malicious ACE file could place malware anywhere on a Windows PC after being extracted by WinRAR. Locations include the Windows Startup folder, where the malware would automatically execute on each reboot.

A month before Check Point's report, WinRAR developers released a new version that dropped support for ACE because they were unable to update a library in WinRAR called Unacev2.dll that contained a directory traversal flaw. However, by March, when this attack was detected by Microsoft, it's likely a large chunk of the world's 500 million WinRAR users hadn't updated to the non-ACE version or hadn't removed the vulnerable DLL.
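The directory traversal behaviour described above, as an added defender-side example (not from the article, Check Point or WinRAR): a Python check that resolves each archive entry name with Windows path rules and flags entries that would land outside the chosen extraction folder or inside a Startup folder. The destination, entry names and function names are constructed for illustration, and the check works on entry names from any archive listing rather than parsing the ACE format.

```python
import ntpath  # Windows path semantics, importable on any OS

# Both the per-user and all-users Startup folders end with this path suffix.
STARTUP_MARKER = "\\start menu\\programs\\startup\\"

def resolved_target(dest_dir, entry_name):
    """Path a naive join of dest_dir and entry_name would write to, normalized."""
    return ntpath.normpath(ntpath.join(dest_dir, entry_name))

def classify_entry(dest_dir, entry_name):
    """Return 'ok', 'escapes-destination' or 'startup-folder' for one entry name."""
    dest = ntpath.normcase(ntpath.normpath(dest_dir)).rstrip("\\")
    target = ntpath.normcase(resolved_target(dest_dir, entry_name))
    # Compare against dest plus a separator so "report-old" does not pass as "report".
    if target == dest or target.startswith(dest + "\\"):
        return "ok"
    if STARTUP_MARKER in target:
        return "startup-folder"
    return "escapes-destination"

def audit(dest_dir, entry_names):
    """List (entry_name, verdict) for every entry that must not be extracted."""
    verdicts = ((name, classify_entry(dest_dir, name)) for name in entry_names)
    return [(name, v) for name, v in verdicts if v != "ok"]

# Constructed sample data, not taken from any real archive.
DEST = r"C:\Users\alice\Downloads\report"
SAMPLE_ENTRIES = [
    r"docs\readme.txt",
    r"docs\..\notes.txt",
    r"..\report-old\x.txt",
    "/Windows/Temp/x.bin",
    r"D:\x.dll",
    r"..\..\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\x.exe",
]

if __name__ == "__main__":
    for name, verdict in audit(DEST, SAMPLE_ENTRIES):
        print(f"{verdict:20} {name} -> {resolved_target(DEST, name)}")
```

An extraction tool would run a check like this on every entry before writing anything and refuse the whole archive if any entry is flagged.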

The MuddyWater group's activities were first spotted in 2017. It is known to target users in the Middle East, Europe, and the.

.....


News Code: 101100  |  ZDNet