
[Overview]

Microsoft Windows supports the use of ZIP files as “compressed folders,” letting users browse the contents of a ZIP file as if it were a folder. Recently, Microsoft fixed a remote code execution vulnerability in the Windows Shell component.

[Vulnerability Details]

CVE-2018-0883: An attacker crafts a ZIP file that contains a “setup” or “install” file together with malware, using directory traversal characters in one or more file names, sends it to the target users, and induces them to open it. The vulnerability is triggered when a user opens the archive and tries to install the file. Once the vulnerability is exploited, the attacker can execute arbitrary code in the context of the current user.

Vulnerability Source: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0883
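
A defensive check for the pattern described above, as an added example that is not part of the original advisory or of any Hillstone or Microsoft tooling: it reads only the entry names of a ZIP archive, without extracting anything, and flags archives that combine a “setup” or “install” file with an entry name containing directory traversal. The function names, the flagging heuristic and the sample entry names are assumptions made for illustration.

```python
import io
import ntpath
import zipfile

# File stems the advisory names as the lure ("setup" or "install").
INSTALLER_STEMS = {"setup", "install"}


def is_traversal(name):
    """True if an entry name could resolve outside the extraction folder."""
    norm = name.replace("\\", "/")
    if norm.startswith("/") or ntpath.splitdrive(name)[0]:
        return True  # absolute path, drive letter or UNC prefix
    return ".." in norm.split("/")  # a ".." path component, not "a..b"


def scan_zip(data):
    """Inspect entry names only; nothing is written to disk."""
    traversal, installers = [], []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.orig_filename  # name as stored in the archive
            if is_traversal(name):
                traversal.append(name)
            stem = ntpath.splitext(ntpath.basename(name))[0]
            if stem.lower() in INSTALLER_STEMS:
                installers.append(name)
    # Assumed heuristic: both elements from the advisory must be present.
    return {"traversal": traversal, "installers": installers,
            "suspicious": bool(traversal and installers)}


def build_sample(names):
    """Build an in-memory ZIP with empty entries (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"")
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed entry names; every entry is empty.
    sample = build_sample(["setup.exe", "../../helper.dll", "docs/readme.txt"])
    print(scan_zip(sample))
```

A check like this fits at a mail or download gateway, or in triage of a quarantined attachment; it complements the patch and does not replace it.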

[Severity]

Medium

[Affected Version]

  • Microsoft Windows 10
  • Microsoft Windows 10 Version 1511
  • Microsoft Windows 7
  • Microsoft Windows 8.1 for 32-bit Systems
  • Microsoft Windows 8.1 for x64-based Systems
  • Microsoft Windows RT 8.1
  • Microsoft Windows Server 2012 R2
  • Microsoft Windows Server 2008
  • Microsoft Windows Server 2012
  • Microsoft Windows Server 2012 (Server Core)
  • Microsoft Windows Server 2012 R2 (Server Core)
  • Microsoft Windows Server 2016
  • Microsoft Windows Server 2016 Server Core
  • Microsoft Windows Server version 1709 (Server Core Installation)

[Suggestion]


Do not open unknown files or click on uncertain links.


Enable the Windows Update function and install the appropriate security patches according to business needs.

Microsoft’s official statement: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-0883

[Hillstone Networks Solution]

Hillstone Networks has added signatures to the IPS signature database version 2.1.232. By deploying any Hillstone Networks solution with the IPS function, the Microsoft Windows Shell Zip File Remote Code Execution vulnerability can be quickly detected and effectively intercepted.


Threat Events Detected by Hillstone Solutions


Vulnerability Detail Description
