Operators behind the infamous Neutrino EK have recently added the code to exploit an Internet Explorer vulnerability that was patched with the release of the MS16-053 security bulletin.
The MS16-053 bulletin patched two remote code execution vulnerabilities in the JScript (CVE-2016-0187) and VBScript (CVE-2016-0189) scripting engines
The security vulnerabilities can be exploited through the Internet Explorer web browser, unfortunately, the CVE-2016-0189 had been exploited in targeted attacks against Windows users in South Korea before Microsoft fixed it.
In order to trigger the vulnerability, victims have to visit a compromised website or open a spear-phishing email containing a malicious link.
Experts from startup Theori have made a reverse engineering of the MS16-053 and published a PoC exploit for the CVE-2016-0189 vulnerability.
The PoC code works on Internet Explorer 11 running on Windows 10, a great gift for fraudsters that included it in the Neutrino EK as confirmed by FireEye.
Researchers from FireEye noticed that last version of the Neutrino EK included exploits for a total of five vulnerabilities, three Flash Player flaws (CVE-2016-1019, CVE-2016-4117 and CVE-2015-8651) and two Internet Explorer (CVE-2014-6332 and CVE-2016-0189).
“CVE-2016-0189 was originally exploited as a zero-day vulnerability in targeted attacks in Asia. The vulnerability resides within scripting engines in Microsoft’s Internet Explorer (IE) browser, and is exploited to achieve Remote Code Execution (RCE). According to the researcher’s repository, the open source exploit affects IE on at least Windows 10. It is possible that attackers could use or repurpose the attack for earlier versions of Windows.” states FireEye. “In this example, Neutrino embedded exploits for five patched vulnerabilities: three for Adobe Flash Player (CVE-2016-4117, CVE-2016-1019, CVE-2015-8651) and two for Internet Explorer (CVE-2016-0189, CVE-2014-6332). CVE-2016-0189 is the newest addition to Neutrino’s arsenal.”
The experts compared the code used in the Neutrino EK and the one released by the researchers. Researchers from FireEye speculate that crooks might be able to adapt the exploit for older versions of the operating system as well.
In January, experts from Heimdal Security warned a spike in cyber attacks leveraging the popular Neutrino and RIG exploit kit, the crimeware kits have become the most popular exploit kits after Angler and Nuclear disappeared.
[adrotate banner=”9″]
(Security Affairs – Neutrino EK, cybercrime)
Trend Micro fixed multiple vulnerabilities that impact its Apex Central and Endpoint Encryption (TMEE) PolicyServer…
Security researchers at Citizen Lab revealed that Paragon's Graphite spyware can hack fully updated iPhones…
Two vulnerabilities in SinoTrack GPS devices can allow remote vehicle control and location tracking by…
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Wazuh, and WebDAV flaws to its Known…
Over 40,000 internet-exposed security cameras worldwide are vulnerable to remote hacking, posing serious privacy and…
INTERPOL announced that a joint operation code-named Operation Secure took down 20,000+ malicious IPs/domains tied…
This website uses cookies.