TechRadar

Microsoft console files are being exploited to let hackers gain access to private systems

By Sead Fadilpašić,

3 days ago

Hackers are now using custom-made MSC files to abuse a known, but unpatched, Windows cross-site scripting (XSS) vulnerability which could allows them to remotely execute malware or malicious code on target devices.

Cybersecurity researchers from the Elastic team recently spotted threat actors distributing Microsoft Saved Console (MSC) files, which are generally used by the Microsoft Management Console (MMC). This tool handles different parts of the operating system, and can create custom views of commonly accessed tools.

In this case, however, MSC files exploit an old DOM-based XSS flaw, allowing for the execution of arbitrary JavaScript through carefully crafted URLs. The JavaScript code, in turn, ends up deploying a Cobalt Strike beacon for initial access to target networks. However, the researchers are saying it could also be used to run other commands, as well.

Novel ways to drop malware

This is a new command execution technique, the researchers said, which is why they dubbed it “GrimResource”.

Who the attackers are, or how they usually deliver these MSC files to their victims was not discussed. However, it is safe to assume that they are doing it through usual channels, such as phishing, instant messaging, social engineering, fake landing pages, and similar.

Threat actors were essentially pushed into discovering new ways to deploy malware, since Microsoft disabled macros on Office files downloaded from the internet.

Macros were, by far, the most popular attack vector, as they allowed hackers to deploy malware through innocent-looking Office documents (Word, Excel, and PowerPoint files). When that method no longer worked, they pivoted towards shortcut files (.LNK), image files (ISO) wrapped in a .ZIP or similar archive, and more. These file types did not properly propagate Mark of the Web (MoTW) flags to extracted files, allowing the malware to pass certain safety checks.

Now, since most of these methods are no longer as effective, hackers came up with something new.

Via BleepingComputer

More from TechRadar Pro

Microsoft Office is now blocking macros by default
Here's a list of the best firewalls today
These are the best endpoint protection tools right now

Expand All

Read in NewsBreak

Comments / 0

Add a Comment

PC Magazine26 days ago

Android owners warned of ‘Medusa’ attack that raids bank accounts targeting UK and US users – look out for 3 danger apps

The US Sun4 days ago

Every Android and iPhone user warned to turn cell off once a week to stop eerie attack as NSA warns ‘threats increasing’

The US Sun5 days ago

4 ‘Dangerous’ iPhone Apps Security Experts Want You To Delete ASAP Because They Make Your Data Vulnerable To Hackers: Facebook & More

shefinds18 days ago

Here's how to keep your data private on your phone, PC, and tablet

xda-developers6 days ago

How to Remove Malware from Your Android Device

miamiwire.com11 days ago

Researchers say 280 million people have installed malware-infected Chrome extensions in the last 3 years

TechSpot5 days ago

Google already had defense against Snowblind Android malware

Android Headlines3 days ago

Kaspersky is banned in the US – here are 3 superb alternatives

TechRadar2 days ago

Samsung might finally be about to deal with the Galaxy S24 Ultra's biggest problem

TechRadar1 day ago

3 Zodiac Signs Who Are Two-Faced

Total Apex Sports & Entertainment15 days ago

7 iPhone Mistakes That Could Lead To Your Device Being Hacked & Your Data Being Stolen: Never Updating Your Software & More

shefinds22 days ago

Microsoft make major Windows 10 U-turn ahead of end-of-support in 2025

Laptop23 days ago

Chrome security alert — clicking this error will open the malware floodgates on your PC

Tom's Guide11 days ago

Here's how you can quickly turn an old laptop or desktop PC into a powerful Windows server

xda-developers16 days ago

Hackers are now using 'malware cluster bombs' in their attacks — how to stay safe

Tom's Guide1 day ago

Microsoft apparently hates it when you switch from Microsoft Account to Local account

Neowin7 days ago

Apple Passwords is great, but I'm sticking with other password managers for now

Android Authority12 days ago

Microsoft compels Windows 10 users to upgrade to Windows 11 with annoying full-screen banners again

Windows Central26 days ago

This new threat infects devices with a dozen malware at once

TechRadar1 day ago

Welcome to NewsBreak, an open platform where diverse perspectives converge. Most of our content comes from established publications and journalists, as well as from our extensive network of tens of thousands of creators who contribute to our platform. We empower individuals to share insightful viewpoints through short posts and comments. It’s essential to note our commitment to transparency: our Terms of Use acknowledge that our services may not always be error-free, and our Community Standards emphasize our discretion in enforcing policies. We strive to foster a dynamic environment for free expression and robust discourse through safety guardrails of human and AI moderation. Join us in shaping the news narrative together.

Comments / 0

Community Policy