Security advisories

Double Kill Zero-Day Vulnerability

February 27, 2019 | 1 MIN READ

Speak With A Security Expert Now

TALK TO AN EXPERT

Microsoft has released a patch to address a vulnerability in the Windows VBScript Engine. Double Kill, also known as CVE-2018-8174 1, has been actively exploited in the wild by a limited number of threat actors. If successfully exploited, Double Kill will give the threat actor the same permissions as the compromised user. Proof of concept (PoC) code has been released for this vulnerability, increasing the likelihood of additional threat actors exploiting the vulnerability2.

What we’re doing about it

What you should do about it

Additional information

DoubleKill affects a wide variety of Windows products that use the VBScript Engine; for a full list, see the Affect Products section of the official Windows release.

This vulnerability is caused by a failure in the way the VBScripts engine handles objects in memory. From initial assessment,s it appears that delivery of this exploit may occur through both phishing attempts and web-based attacks.


References:

[1] CVE-2018-8174 | Windows VBScript Engine Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8174

[2] The King is dead. Long live the King!
Root cause analysis of the latest Internet Explorer zero-day – CVE-2018-8174
https://securelist.com/root-cause-analysis-of-cve-2018-8174/85486/

View Most Recent Advisories