Patch your Windows 10 PC, now! Hackers are exploiting a zero-day flaw

Patch your Windows 10 device quick, as hackers are currently taking advantage of a zero-day “Double Kill” flaw in Internet Explorer to infect PCs across the globe. The fix is part of Microsoft’s latest Patch Tuesday update for Windows 10, addressing the vulnerability discovered by the Qihoo 360 Core Security team in late April. The flaw is officially labeled as CVE-2018-8174, ignoring the 360 Core Security team’s “Double Kill” codename. 

According to the team, hackers can embed a malicious website inside an Office document. Once opened, the embedded site deploys malicious code and its payload from a remote web-based server. The attack also bypasses the User Account Control component in Windows 10, acquiring administrator-level privileges. The attack is executed within the system memory as well, thus you’ll find no evidence of foul play on the device’s local storage. 

Microsoft says the problem resides in the VBScript engine. That’s short for Visual Basic Scripting, Microsoft’s programming language included in Internet Explorer for creating system management tools. The vulnerability resides in the way this engine handles objects in memory, allowing hackers to inject code into memory and gain the same user rights as the current user. 

“In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. An attacker could also embed an ActiveX control marked ‘safe for initialization’ in an application or Microsoft Office document that hosts the IE rendering engine,” Microsoft says. 

But that’s not all. Hackers could also take advantage of websites that “accept or host user-provided content or advertisements” by injecting specifically crafted content. The good news here is that the only attack vector discovered thus far is by injecting an Office document with a malicious website. Despite that limitation, a successful attack provides hackers with complete control of the victim’s PC without their knowledge. 

While many Windows 10 device owners may scratch their heads wondering why this Internet Explorer flaw is relevant, the browser still remains as a Windows component for legacy support. Many websites, applications, and corporations still rely on elements that are only compatible with Internet Explorer and have not moved on to the newer technology offered in Microsoft Edge.  

The 360 Security Center team said this is the first advanced persistent threat (APT) campaign to use an Office document carrying this specific Internet Explorer exploit payload. Using Office documents, however, is nothing new. 

“In recent years, we have discovered a rising trend that Office documents have taken the center stage of APT attacks,” the security team said. “Opening any malicious documents with “double kill” allows attackers to control victims’ computers without their knowledge, making ransomware infection, eavesdropping, and data leakage convenient and stealthy.” 

As always, never open a document from an unknown source. Also keep your Windows 10 PC up to date on a security level given Microsoft’s operating system is a highly popular target. Keep your firewall locked and loaded and your anti-virus solution updated as well. You can remove Internet Explorer by following these instructions. 


I tried an LTE laptop for a month, and I wasn’t really convinced

LTE laptops offer up plenty of benefits and are becoming more common. After spending one month with one in my daily life in New York City, I really wondered if it is something that consumers really need in their lives.
Movies & TV

The best shows on Netflix, from 'Haunting of Hill House’ to ‘Twilight Zone’

Looking for a new show to binge? Lucky for you, we've curated a list of the best shows on Netflix, whether you're a fan of outlandish anime, dramatic period pieces, or shows that leave you questioning what lies beyond.
Smart Home

Man claims hacker talked to him through his Nest security camera

An Arizona man claims a white hat hacker was able to communicate with him through a hacked Nest Cam IQ internet-connected security camera and warn him about a vulnerability in the device.

These are the 5 best free antivirus apps to protect your MacBook

Malware protection is more important than ever, even if you eschew Windows in favor of Apple's desktop platform. Thankfully, protecting your machine is as easy as choosing from the best free antivirus apps for Mac suites.

Windows 10 user activity logs are sent to Microsoft despite users opting out

Windows 10 Privacy settings may not be enough to stop PCs from releasing user activity data to Microsoft. Users discovered that opting out of having their data sent to Microsoft does little to prevent it from being released.

Intel's discrete graphics will be called 'Xe,' IGP gets Adapative Sync next year

Intel has officially dubbed its discrete graphics product Intel Xe, and the company also provided details about its Gen11 IGP. The latter will include adaptive sync support and will arrive in 2019.

Intel answers Qualcomm's new PC processors by pairing Core and Atom in 'Foveros'

Intel has announced a new packaging technology called 'Foveros' that makes it easier for the company to place multiple chips together on one package. That includes chips based on different Intel architectures, like Core and Atom.

Razer’s classic DeathAdder Elite gaming mouse drops to $40 on Amazon

If you're looking to pick up a new gaming mouse for the holidays, Amazon has you covered with this great deal on the classic Razer DeathAdder Elite gaming mouse with customizable buttons, RGB lighting, and a 16,000 DPI optical sensor.

Intel's dedicated GPU is not far off -- here's what we know

Did you hear? Intel is working on a dedicated graphics card. It's called Arctic Sound and though we don't know a lot about it, we know that Intel has some ex-AMD Radeon graphics engineers developing it.

Firefox 64 helps keep your numerous tabs under control

Mozilla officially launched Firefox 64 by placing new features into the laps of its users including new tab management abilities, intelligent suggestions, and a task manager for keeping Firefox's power consumption under control.

Here's our guide to how to charge your laptop using a USB-C cable

Charging via USB-C is a great way to power up your laptop. It only takes one cable and you can use the same one for data as well as power -- perfect for new devices with limited port options.

Apple MacBook Air vs. Microsoft Surface Pro 6

The MacBook Air was updated with more contemporary components and a more modern design, but is that enough to compete with standouts like Microsoft's Surface Pro 6 detachable tablet?

Installing fonts in Windows 10 is quick and easy -- just follow these steps

Want to know how to install fonts in Windows 10? Here's our guide on two easy ways to get the job done, no matter how many you want to add to your existing catalog, plus instructions for deleting fonts.

Email take-backsies! Gmail's unsend feature is one of its best

Everyone has sent a message they wish they could take back. How great would it be if you could undo that impulsive email? If you're a Gmail user, you can. Here's how to recall an email in Gmail.