
Sundown exploit kit weaves Edge hack hole

Thankfully most users are patched

Authors of the Sundown exploit kit have integrated a since-patched and limited Microsoft Edge vulnerability, taken from a security firm's public proof-of-concept.

The addition of the twin bugs (CVE-2016-7200 and CVE-2016-7201) means unpatched users of one of the world's most unpopular web browsers are likely to be targeted by a wide cross-section of malware writers.

It is no cause for high concern for most Windows users: the Edge browser applies patches automatically by default, meaning fewer users are exposed, while the improved exploit mitigations in Windows 10 make it harder for criminals to get malware to execute.

However, the Edge Chakra JavaScript engine exploit will be incorporated quickly into rival kits, since zero-days and new vulnerabilities are a prized advantage in the highly competitive exploit kit market.

Malware monitor Kafeine reported Sundown's use of the exploits, which were taken from a proof-of-concept released by Texas security startup Theori.

"I have been told that with Windows 10 (release 1607), Microsoft Edge has some quite strong mitigation," Kafeine says.

"No WinExec, no CreateProcess, no ShellExecute, meaning every child process creation is blocked.

"The proof-of-concept might need a little more magic powder to work."

The incorporation of the exploit into Sundown breaks the period of quiet in the exploit kit marketplace since the downing of Angler, then the world's reigning king of highly-capable exploit kits.

Spiderlabs hackers in September badged Sundown as the current champ in the exploit kit market, albeit one that, at least at the time, was more versed in copy-and-paste than original coding. ®
