A change of focus took place in the Magniber ransomware’s gang attack method arsenal, as now the threat actor group started to propagate the ransomware and encrypt users’ devices by means of two Internet Explorer vulnerabilities.
Internet Explorer Vulnerabilities Targeted by Magniber Ransomware
As BleepingComputer publication mentions, the Magniber ransomware gang is exploiting two Internet Explorer vulnerabilities.
The first was dubbed CVE-2021-26411, being characterized by a CVSS of 8.8. It was patched during the month of March this year, being a memory corruption bug.
An attacker could host a specially crafted website designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website. The attacker could also take advantage of compromised websites or websites that accept or host user-provided content or advertisements, by adding specially crafted content that could exploit the vulnerability.
The second flaw was dubbed CVE-2021-40444, it is basically a remote code execution located in the rendering browser engine of Internet Explorer. This has also a score of 8.8.
Microsoft is investigating reports of a remote code execution vulnerability in MSHTML that affects Microsoft Windows. Microsoft is aware of targeted attacks that attempt to exploit this vulnerability by using specially-crafted