By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy

An Internet Explorer zero-day vulnerability that came to light last month has now been incorporated in the RIG exploit kit, a web-based toolkit that malware authors use to infect a site's visitors with malware. The vulnerability in question is CVE-2018-8174. This vulnerability affects VBScript, the Visual Basic scripting engine that's included with Internet Explorer and Microsoft Office. On April 20, Bleeping Computer learned from a Chinese security researcher that a cyber-espionage group was using this vulnerability to infect users via Internet Explorer, as part of a series of attacks conducted by what later proved to be a North Korean state-sponsored hacking group. Security researchers from Qihoo 360, who first spotted these attacks, reported the vulnerability to Microsoft, and the company patched the bug in the May 2018 Patch Tuesday security updates, released on May 8. More details can be found on OUR FORUM.