In its latest Patch Tuesday release, Microsoft pushed patches for about 20 or more vulnerabilities across various MS products, including Windows servers and desktops, Office, IE and .NET.
One of the updates specifically addresses a zero-day flaw that is reportedly already being exploited by a Russian hacking group. The vulnerability could have been in use by attackers since early September, if not earlier, with the attackers infecting victims through malicious attachments, primarily PowerPoint files.
While the attack vector is PowerPoint, the vulnerability itself lies in the OLE package manager of Microsoft Windows desktops and servers. The OLE packager (packager.dll) is able to download and execute external files such as INF files, allowing the attacker to execute commands.
Sandworm, the Russian cyber-espionage group, is behind the attacks, and the initial targets were:
- Ukrainian government organizations
- Western European government organization
- Energy Sector firms (specifically in Poland)
- European telecommunications firms
- United States academic organizations
Currently, exploiting the zero-day vulnerability requires the victim to open an attachment such as a PowerPoint file. Attackers use social engineering tactics to entice victims into running the malicious content, which results in compromise.
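Because the packager fetches its payload from outside the document, a defender can triage PowerPoint attachments by looking for OLE-object relationships whose target is external rather than embedded in the package. The following detector is an added example, not code from the article or from Microsoft; it inspects the OOXML `.rels` parts of a `.pptx` and builds its own constructed sample package, so the host name in the sample is a placeholder rather than an indicator from the article.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

# OOXML package relationship namespace and the relationship type for embedded/linked OLE objects.
REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
OLE_REL_TYPE = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject"
# File types the OLE packager hands to the shell; INF is the one the article names.
RISKY_EXT = re.compile(r"\.(inf|exe|scr|bat|cmd|vbs|js)$", re.IGNORECASE)

def external_ole_links(pptx_bytes: bytes) -> list[tuple[str, str]]:
    """Return (rels_part, target) for OLE-object relationships whose target lives outside the package.

    A benign embedded object is stored inside the zip (no TargetMode, or "Internal"); a link that
    makes packager.dll fetch a file from a UNC path or URL carries TargetMode="External".
    """
    hits = []
    with zipfile.ZipFile(io.BytesIO(pptx_bytes)) as pkg:
        for part in pkg.namelist():
            if not part.endswith(".rels"):
                continue
            # The XML is attacker-controlled; stdlib ET does not resolve external entities,
            # but a hardened scanner would parse with defusedxml instead.
            root = ET.fromstring(pkg.read(part))
            for rel in root.iter(f"{{{REL_NS}}}Relationship"):
                if rel.get("Type") == OLE_REL_TYPE and rel.get("TargetMode") == "External":
                    hits.append((part, rel.get("Target", "")))
    return hits

def is_suspicious(pptx_bytes: bytes) -> bool:
    """Flag a deck that links an OLE object to an external file with an executable extension."""
    return any(RISKY_EXT.search(target) for _, target in external_ole_links(pptx_bytes))

def build_sample_pptx(target: str) -> bytes:
    """Constructed minimal package (not a real exploit document): only the slide .rels part is present."""
    rels = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        f'<Relationships xmlns="{REL_NS}">'
        f'<Relationship Id="rId2" Type="{OLE_REL_TYPE}" Target="{target}" TargetMode="External"/>'
        "</Relationships>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr("[Content_Types].xml", "<Types/>")
        pkg.writestr("ppt/slides/_rels/slide1.xml.rels", rels)
    return buf.getvalue()

if __name__ == "__main__":
    # Placeholder UNC host, constructed for the example.
    print(is_suspicious(build_sample_pptx(r"\\example.invalid\share\slide1.inf")))
```

Run over a real mail-gateway sample set, the external-target check alone already separates linked packager objects from ordinary embedded ones; the extension filter is what keeps harmless external image links from raising alerts.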