Published on October 4th, 2019
Exploit Prevention: Microsoft Office Memory Corruption
Watch more Tech Dive videos here https://www.youtube.com/watch?v=BtG5qZxxatY&list=PLPmbqO785HltQyUjGUVg-0hFlixFOC0qO
In this video, we demonstrate how our Endpoint Security product protects against the exploitation of vulnerability CVE-2017-11882 (Microsoft Office Memory Corruption Vulnerability). This vulnerability allows an attacker to run arbitrary code in the context of the current user.
To demonstrate our Exploit Prevention module at work, we’re keeping the file antivirus in our product switched off throughout this exercise.
First, we’ll test an unprotected system. Let’s open an infected RTF file containing an exploit. Exploitation could result in any sort of dangerous code being run – but for demonstration purposes, the exploit has just launched calc.exe, and we can see that the Calculator application has opened.
Now let’s see what happens when the system is protected by Kaspersky Endpoint Security for Business.
Now we can see that Kaspersky Endpoint Security for Business is running, but with the file AV turned off. Again, we click on an RTF file which includes the embedded exploit.
As we see, the RTF file has opened in Microsoft Office, but this time Calculator has not launched. This is because our product has detected an exploit and blocked it, so the host is protected.
And finally, we can check the Reports screen covering the Exploit Protection component, which tells us more about the blocked object.