Geeks for your information Security Security Vendors Kaspersky Kaspersky Security Blog v
Internet Explorer and Windows zero-day exploits used in Operation PowerFall
Internet Explorer and Windows zero-day exploits used in Operation PowerFall
harlan4096 Online
MalWare Zoo Team
*******
Posts: 16,456
Threads: 10,381
Thanks Received: 9,394 in 7,540 posts
Thanks Given: 10,379
Joined: 12 September 18
#1
Bug  13 August 20, 15:50
Quote:
[Image: CVE-2020-1380_list.png]

Executive summary

In May 2020, Kaspersky technologies prevented an attack on a South Korean company by a malicious script for Internet Explorer. Closer analysis revealed that the attack used a previously unknown full chain that consisted of two zero-day exploits: a remote code execution exploit for Internet Explorer and an elevation of privilege exploit for Windows. Unlike a previous full chain that we discovered, used in Operation WizardOpium, the new full chain targeted the latest builds of Windows 10, and our tests demonstrated reliable exploitation of Internet Explorer 11 and Windows 10 build 18363 x64.

On June 8, 2020, we reported our discoveries to Microsoft, and the company confirmed the vulnerabilities. At the time of our report, the security team at Microsoft had already prepared a patch for vulnerability CVE-2020-0986 that was used in the zero-day elevation of privilege exploit, but before our discovery, the exploitability of this vulnerability was considered less likely. The patch for CVE-2020-0986 was released on June 9, 2020.

Microsoft assigned CVE-2020-1380 to a use-after-free vulnerability in JScript and the patch was released on August 11, 2020.

We are calling this and related attacks ‘Operation PowerFall’. Currently, we are unable to establish a definitive link with any known threat actors, but due to similarities with previously discovered exploits, we believe that DarkHotel may be behind this attack. Kaspersky products detect Operation PowerFall attacks with verdict PDM:Exploit.Win32.Generic.

Internet Explorer 11 remote code execution exploit

The most recent zero-day exploits for Internet Explorer discovered in the wild relied on the vulnerabilities CVE-2020-0674, CVE-2019-1429, CVE-2019-0676 and CVE-2018-8653 in the legacy JavaScript engine jscript.dll. In contrast, CVE-2020-1380 is a vulnerability in jscript9.dll, which has been used by default starting with Internet Explorer 9, and because of this, the mitigation steps recommended by Microsoft (restricting the usage of jscript.dll) cannot protect against this particular vulnerability.
...
Continue Reading
Find
Reply
harlan4096 Online
MalWare Zoo Team
*******
Posts: 16,456
Threads: 10,381
Thanks Received: 9,394 in 7,540 posts
Thanks Given: 10,379
Joined: 12 September 18
#2
13 August 20, 15:53
Additional Info: https://www.kaspersky.com/blog/cve-2020-...ity/36698/
Find
Reply


Forum Jump:


Users browsing this thread: 2 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:

[-]
Recent Posts
Privazer 4.0.123 (05 June 2026)
v4.0.123 (05 June ...harlan4096 — 07:35
Brave Software Launches Origin, a Paid B...
Brave Software has...harlan4096 — 18:51
AMD Radeon Adrenalin Edition 20.11.2
AMD Adrenalin 26.6.1...harlan4096 — 17:26
LibreOffice 26.2.4
Berlin, 5 June 202...harlan4096 — 12:17
Surfshark VPN : Award-winning VPN servi...
Surfshark Apps Ver...jasonX — 11:34

[-]
Birthdays
Today's Birthdays
avatar (48)BrantgoG
Upcoming Birthdays
avatar (49)rapedDow
avatar (44)Johnsonsyday
avatar (49)Groktus
avatar (41)efodo
avatar (39)Tedscolo
avatar (46)brakasig
avatar (51)smudloquask
avatar (46)benchJem
avatar (45)JamesReshy
avatar (47)Francisemefe
avatar (40)leoniDup
avatar (39)Patrizaancem
avatar (39)biobdam
avatar (42)zacforat
avatar (47)NemrokReks
avatar (38)Barrackleve
avatar (40)Julioagopy
avatar (50)aolaupitt2558
avatar (48)vadimTob
avatar (38)leannauu4
avatar (40)storoBox
avatar (48)kinotHeemn
avatar (39)Ceballos1976
avatar (40)efynu
avatar (32)horancos

[-]
Online Staff
There are no staff members currently online.

>