Delaware, USA – July 5, 2018 – Less than a month has passed since the publication of proof-of-concept code showing that SettingContent-ms files can be used to deliver malware, and security researchers have now discovered the first working exploitation chains. On June 11, Matt Nelson published research describing this new attack vector, and since then attackers have been experimenting with building an effective exploitation chain around it. SettingContent-ms files can be used to execute arbitrary code on Windows 10-based systems. They are shortcuts containing the
The same pattern followed the disclosure of the DDE feature in Microsoft Office: within a month attackers were using it at scale to distribute ransomware and Trojans, and even well-known APT groups adopted the technique in their campaigns. While regular security tools do not yet reliably detect the malicious use of SettingContent-ms files, you can use the APT Framework with your SIEM to uncover advanced malware that bypasses them.
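As an added example (not code from the original release or from the APT Framework vendor), the following Python script shows one static check a practitioner can run on SettingContent-ms files: it parses the XML, pulls out the DeepLink element that Nelson's research identified as the command Windows launches, and flags any file whose DeepLink starts something other than an ms-settings: URI or the Control Panel host. The XML layout follows that research; the allow-list and the three sample files (one mimicking the published proof-of-concept's cmd.exe launch) are constructed here for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Default namespace of the SearchableContent element in .SettingContent-ms files.
SETTING_NS = "{http://schemas.microsoft.com/Search/2013/SettingContent}"

# Constructed allow-list (an assumption for this example): a legitimate Settings
# shortcut launches either an ms-settings: URI or the Control Panel host binary.
ALLOWED_SCHEMES = ("ms-settings:",)
ALLOWED_HOSTS = {"control.exe"}


def extract_deeplink(xml_text: str) -> str:
    """Return the DeepLink command string of a .SettingContent-ms document."""
    root = ET.fromstring(xml_text.strip())
    node = root.find(f".//{SETTING_NS}DeepLink")
    if node is None:
        # Tolerate hand-crafted files that drop the namespace declaration.
        node = root.find(".//DeepLink")
    return (node.text or "").strip() if node is not None else ""


def classify_deeplink(deeplink: str) -> str:
    """Classify a DeepLink value as 'empty', 'benign' or 'suspicious'."""
    if not deeplink:
        return "empty"
    lowered = deeplink.lower()
    if lowered.startswith(ALLOWED_SCHEMES):
        return "benign"
    # The first whitespace-delimited token is the program that will be launched;
    # compare its basename only so %windir% and drive-letter forms both match.
    program = re.split(r"\s+", lowered, maxsplit=1)[0].strip('"')
    basename = program.replace("/", "\\").rsplit("\\", 1)[-1]
    return "benign" if basename in ALLOWED_HOSTS else "suspicious"


def _sample(deeplink: str) -> str:
    # Constructed minimal document in the layout described by Nelson's research.
    return f"""<PCSettings>
  <SearchableContent xmlns="http://schemas.microsoft.com/Search/2013/SettingContent">
    <ApplicationInformation>
      <AppID>windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel</AppID>
      <DeepLink>{deeplink}</DeepLink>
      <Icon>%windir%\\system32\\control.exe</Icon>
    </ApplicationInformation>
  </SearchableContent>
</PCSettings>"""


# Constructed sample files: a genuine-looking shortcut, a weaponised one
# modelled on the published proof-of-concept, and an ms-settings: URI.
SAMPLES = {
    "display.SettingContent-ms": _sample(r"%windir%\system32\control.exe /name Microsoft.DisplaySettings"),
    "invoice.SettingContent-ms": _sample(r"C:\Windows\System32\cmd.exe /c calc.exe"),
    "night-light.SettingContent-ms": _sample("ms-settings:nightlight"),
}


def scan_samples(samples: dict = SAMPLES) -> dict:
    """Map each file name to the verdict for its DeepLink."""
    return {name: classify_deeplink(extract_deeplink(xml)) for name, xml in samples.items()}


if __name__ == "__main__":
    for name, verdict in scan_samples().items():
        print(f"{verdict:10s} {name}")
```

This is a content check only: it does not expand environment variables or follow what control.exe is asked to open, so pair it with process-creation telemetry (a SettingContent-ms launch spawning cmd.exe or powershell.exe) rather than relying on it alone.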