📄 الوصف (الإنجليزية)
Microsoft Scripting Engine Memory Corruption Vulnerability — A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer.
🤖 ملخص AI
CVE-2018-8373 is a critical remote code execution vulnerability in the Microsoft Scripting Engine (VBScript) used by Internet Explorer. An attacker can exploit this by crafting a malicious webpage that, when visited, executes arbitrary code in the context of the current user. This vulnerability has known active exploits in the wild and was used in targeted attacks. With a CVSS score of 9.0 and public exploit availability, this poses an extreme risk to any organization still using Internet Explorer or legacy Windows systems.
📄 الوصف (العربية)
🤖 التحليل الذكي آخر تحليل: Apr 11, 2026 16:19
🇸🇦 التأثير على المملكة العربية السعودية
This vulnerability poses significant risk to Saudi organizations that still rely on Internet Explorer for legacy web applications, which is common in government agencies, banking systems connected to SAMA-regulated platforms, and healthcare institutions. Saudi government portals and internal systems that mandate IE compatibility are particularly vulnerable. Energy sector organizations including ARAMCO subsidiaries and contractors using legacy SCADA web interfaces through IE are at elevated risk. Telecom operators like STC with legacy customer management systems may also be affected. The availability of public exploits makes this a prime vector for APT groups targeting Saudi critical infrastructure.
🏢 القطاعات السعودية المتأثرة
Government
Banking
Healthcare
Energy
Telecommunications
Education
Defense
⚖️ درجة المخاطر السعودية (AI)
9.2
/ 10.0
🔧 Remediation Steps (English)
Immediate Actions:
1. Apply Microsoft security update KB4343205 (August 2018 Patch Tuesday) immediately on all affected systems.
2. Disable VBScript execution in Internet Explorer by setting the Internet Zone and Local Intranet Zone security to 'High' or by restricting VBScript via Group Policy.
3. Block active scripting in Internet Explorer zones via registry: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones
Compensating Controls:
4. Migrate all users from Internet Explorer to Microsoft Edge or Google Chrome immediately.
5. Implement network-level URL filtering to block known exploit delivery domains.
6. Deploy EMET (Enhanced Mitigation Experience Toolkit) or Windows Defender Exploit Guard with ASR rules to block VBScript execution from IE.
Detection Rules:
7. Monitor for suspicious VBScript execution: Sysmon Event ID 1 with parent process iexplore.exe spawning wscript.exe or cscript.exe.
8. Deploy IDS/IPS signatures for CVE-2018-8373 exploit patterns (Snort SID: 47612, 47613).
9. Monitor for anomalous IE process behavior including unexpected child processes and memory allocation patterns.
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. تطبيق تحديث الأمان من مايكروسوفت KB4343205 (تحديث أغسطس 2018) فوراً على جميع الأنظمة المتأثرة.
2. تعطيل تنفيذ VBScript في Internet Explorer عن طريق ضبط أمان منطقة الإنترنت والشبكة المحلية على 'عالي' أو تقييد VBScript عبر سياسة المجموعة.
3. حظر البرمجة النصية النشطة في مناطق Internet Explorer عبر السجل.
الضوابط التعويضية:
4. ترحيل جميع المستخدمين من Internet Explorer إلى Microsoft Edge أو Google Chrome فوراً.
5. تنفيذ تصفية عناوين URL على مستوى الشبكة لحظر نطاقات توصيل الاستغلال المعروفة.
6. نشر Windows Defender Exploit Guard مع قواعد ASR لحظر تنفيذ VBScript من IE.
قواعد الكشف:
7. مراقبة تنفيذ VBScript المشبوه: Sysmon Event ID 1 مع عملية أب iexplore.exe تنشئ wscript.exe أو cscript.exe.
8. نشر توقيعات IDS/IPS لأنماط استغلال CVE-2018-8373.
9. مراقبة سلوك عملية IE غير الطبيعي بما في ذلك العمليات الفرعية غير المتوقعة.
📋 خريطة الامتثال التنظيمي
🟢 NCA ECC 2024
2-3-1 (Patch Management)
2-5-1 (Vulnerability Management)
2-6-1 (Malware Protection)
2-2-1 (Asset Management)
🔵 SAMA CSF
3.3.3 (Patch Management)
3.3.4 (Vulnerability Management)
3.4.1 (Malware Protection)
3.3.7 (Secure Configuration)
🟡 ISO 27001:2022
A.8.8 (Management of Technical Vulnerabilities)
A.8.7 (Protection Against Malware)
A.8.9 (Configuration Management)
A.8.23 (Web Filtering)
🟣 PCI DSS v4.0
6.3.3 (Install Critical Security Patches)
6.2 (Develop Secure Systems)
5.2 (Deploy Anti-Malware)
11.5 (Deploy IDS/IPS)
🔗 المراجع والمصادر 0
لا توجد مراجع.
📦 المنتجات المتأثرة 1 منتج
Microsoft:Internet Explorer Scripting Engine