Russian hackers exploit zero-day vulnerability in Microsoft Windows
October 14, 2014
It was reported earlier today in the blogosphere that some Russian hackers have exploited a zero-day security vulnerability in Microsoft Windows to hijack and snoop on personal computers and several servers used by NATO and the European Union, according to internet security firm iSight.
The vulnerability is present in both desktop and server editions of the Windows operating system, from Vista and Server 2008 through current versions such as Windows 7, 8 and Server 2012.
No security patch for the hole exists yet, but it's expected to be fixed in today's Patch Tuesday update from Microsoft.
iSight has dubbed the vulnerability (CVE-2014-4114) “SandWorm”, and this one looks to be as terrible as Shai-Hulud in full cry: the security firm says the flaw was “used in a Russian cyber-espionage campaign targeting NATO, the European Union, the Telecommunications and various Energy sectors.”
According to iSight, “an exposed dangerous method vulnerability [CVE-2014-4114] exists in the OLE package manager in Microsoft Windows and Server that allows an attacker to remotely execute arbitrary code.”
“The security vulnerability exists because Windows allows the OLE packager (packager.dll) to download and execute INF files,” iSight writes. “In the case of the observed exploit, specifically when handling Microsoft PowerPoint files, the packager allows a Package OLE object to reference arbitrary external files, such as INF files, from untrusted sources.”
“This will cause the referenced files to be downloaded in the case of INF files, to be executed with specific commands,” the company warns.
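The mechanism iSight describes above (a PowerPoint file whose Package OLE object points at an external INF file that then gets fetched and executed) leaves a visible trace in the document itself: a PPTX is a zip of OOXML parts, and each part's `.rels` file lists the relationships it uses, including OLE object relationships and their targets. The following detection script is an added example, not code from the article or from iSight: it walks every `.rels` part in a PPTX and flags `oleObject` relationships that are marked `TargetMode="External"`, point at a UNC share, or name a `.inf` file. The `build_sample_pptx` helper constructs minimal in-memory documents purely so the scanner can be exercised offline; the 203.0.113.5 address in the constructed sample is a documentation address, not an indicator from the campaign.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

# OPC relationship namespace and the OOXML relationship type for embedded OLE objects
REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
OLE_REL_TYPE = ("http://schemas.openxmlformats.org/officeDocument/2006/"
                "relationships/oleObject")

UNC_RE = re.compile(r"^(\\\\|//)[^\\/]+[\\/]")   # \\host\share\... or //host/share/...
INF_RE = re.compile(r"\.inf\b", re.IGNORECASE)   # target names an INF file


def scan_rels_xml(rels_xml: bytes, part_name: str):
    """Return a list of suspicious oleObject relationships found in one .rels part."""
    findings = []
    root = ET.fromstring(rels_xml)
    for rel in root.findall(f"{{{REL_NS}}}Relationship"):
        if rel.get("Type") != OLE_REL_TYPE:
            continue
        target = rel.get("Target", "")
        mode = rel.get("TargetMode", "Internal")   # OPC default is Internal
        # Strip a file: scheme so a file:///\\host\share target is still seen as UNC
        normalized = re.sub(r"^file:/*", "", target, flags=re.IGNORECASE)
        reasons = []
        if mode == "External":
            reasons.append("external oleObject target")
        if UNC_RE.match(normalized):
            reasons.append("UNC path")
        if INF_RE.search(normalized):
            reasons.append(".inf target")
        if reasons:
            findings.append({"part": part_name, "id": rel.get("Id"),
                             "target": target, "reasons": reasons})
    return findings


def scan_pptx(data: bytes):
    """Scan every .rels part of a PPTX (zip) and collect suspicious OLE relationships."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for name in z.namelist():
            if name.endswith(".rels"):
                findings.extend(scan_rels_xml(z.read(name), name))
    return findings


def build_sample_pptx(malicious: bool) -> bytes:
    """Constructed minimal PPTX-like zip for testing; not a real Office document."""
    if malicious:
        # Constructed external Package OLE reference to an INF file on a UNC share
        ole_rel = (r'<Relationship Id="rId2" Type="%s" '
                   r'Target="file:///\\203.0.113.5\share\slides.inf" '
                   r'TargetMode="External"/>' % OLE_REL_TYPE)
    else:
        # A normal embedded OLE object stored inside the package itself
        ole_rel = ('<Relationship Id="rId2" Type="%s" '
                   'Target="../embeddings/oleObject1.bin"/>' % OLE_REL_TYPE)
    rels = (f'<?xml version="1.0" encoding="UTF-8"?>'
            f'<Relationships xmlns="{REL_NS}">'
            f'<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/'
            f'officeDocument/2006/relationships/slideLayout" '
            f'Target="../slideLayouts/slideLayout1.xml"/>{ole_rel}</Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", '<?xml version="1.0"?><Types/>')
        z.writestr("ppt/slides/slide1.xml", '<?xml version="1.0"?><sld/>')
        z.writestr("ppt/slides/_rels/slide1.xml.rels", rels)
    return buf.getvalue()


if __name__ == "__main__":
    for label, doc in (("malicious", build_sample_pptx(True)),
                       ("benign", build_sample_pptx(False))):
        hits = scan_pptx(doc)
        print(f"{label}: {len(hits)} suspicious relationship(s)")
        for hit in hits:
            print(f"  {hit['part']} {hit['id']} -> {hit['target']} "
                  f"[{', '.join(hit['reasons'])}]")
```

The heuristic is intentionally broad: an external OLE target is unusual in a legitimate presentation and worth surfacing on a mail gateway or in triage, while a UNC path or an `.inf` target are the specific features the article attributes to the observed exploit. Some organisations also block outbound SMB at the perimeter, which limits what such a reference can fetch regardless of whether the document is caught.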
iSight says it spotted the security hole while analyzing “Tsar Team”, a group of people suspected of being Russian cyber-espionage operatives, and in late August “discovered a spear-phishing campaign targeting the Ukrainian government and at least one United States organization” during the NATO summit on the Ukraine crisis staged in Wales.
“On September 3rd, our research and security lab teams discovered that the spear-phishing attacks relied on the exploitation of a zero-day security vulnerability impacting all supported versions of Microsoft Windows (XP is not impacted) and Windows Server 2008 and 2012,” iSight writes.
“A weaponized PowerPoint document was observed in these attacks. Though we have not observed details on what data was exported in this campaign, the use of this zero-day vulnerability virtually guarantees that all of those entities targeted fell victim to some degree,” the security firm warned.
iSight says it contacted all the impacted parties and has since worked with Microsoft on a fix that should land sometime today.
And in case you're wondering about the name, iSight says the exploit's code contains several references to Frank Herbert's classic.
Source: iSight Internet Security.