Web Design

Your content goes here. Edit or remove this text inline.

Logo Design

Your content goes here. Edit or remove this text inline.

Web Development

Your content goes here. Edit or remove this text inline.

White Labeling

Your content goes here. Edit or remove this text inline.

VIEW ALL SERVICES 

Discussion – 

0

Discussion – 

0

Microsoft patches Zero Day vulnerability

In its latest Patch Tuesday releases, Microsoft pushed patches to fix about 20+ vulnerabilities in various MS products includes servers & desktops, Office, IE and .NET.

One of the update is specifically in addressing the zero-day flaw that is reportedly is already being exploited by Russion hacking groups. The vulnerability could have been used by attackers since early September, if not earlier than that, where the attackers infect victims with malicious attachments primarily PowerPoint files.

While the attack vector is PowerPoint, the vulnerability targets the OLE package manager in Microsoft Windows Desktops and Servers. The OLE packager (packager .dll) is able to download and execute external files like INF, allowing the attacker to execute commands.

Sandworm, the Russian Cybor Espionage group, is behind the attacks and the initial targets of the attack were:

  • NATO
  • Ukrainian government organizations
  • Western European government organization
  • Energy Sector firms (specifically in Poland)
  • European telecommunications firms
  • United States academic organizations

Currently, exploiting the zero-day vulnerability requires the execution of attachments such as PowerPoint. Attackers use social engineering tactics to engage victims to execute the malicious code thus resulting in an attack

Tags:

Binoy KL

0 Comments

You May Also Like