Threat Summary On May 8th 2018 , Microsoft released critical security updates to patch a Remote Code Execution (RCE) vulnerability in the VBScript engine. The APT attack was discovered in the wild by Chinese antivirus company Qihoo 360 Core in late April targeting trade agencies in China via phishing campaigns. The attack exploits a Use-After-Free (UAF) memory corruption vulnerability (CVE-2018-8174) in the way Microsoft’s VBScript engine handles objects in memory, allowing an attacker to......

Read More