China Linked to Zero-Day Attacks in Taiwan

The zero-day vulnerability is back to haunt Microsoft after an earlier patch failed to fix the bug. New reports indicate the vulnerability is being used to target Taiwanese entities, allegedly by Chinese hackers.

Microsoft had earlier warned of a zero-day vulnerability in all Windows operating systems except Windows Server 2003 that could be exploited by hackers to execute code remotely, and that was already being used in attacks in the wild. The vulnerability is now being exploited to wage cyber-attacks on Taiwanese targets.

“The vulnerability is seemingly now being used in attacks on Taiwanese targets, exploited by hackers creating malicious PowerPoint documents that launched exploit code on target PCs when opened, although they could have used any Office file,” reported The Guardian.

The zero-day vulnerability lies in the operating system’s code for handling OLE (Object Linking and Embedding). OLE allows applications to share files of different formats; for instance, a user can edit an Excel spreadsheet embedded in a Word document using OLE.

A successful attack gives the hacker the same rights as the current user. If the user is logged on as an administrator, the vulnerability allows the hacker to take full control of the system: installing programs, editing or deleting files, and accessing sensitive information.

A few weeks ago, iSIGHT Partners notified Microsoft of a zero-day vulnerability being exploited by a group of hackers known as Sandworm to steal diplomatic and intelligence documents from NATO computers, the Ukrainian government, EU governments, French telecommunications firms and Polish energy firms.

Reports from iSIGHT indicate the Sandworm hackers were Russian and mainly targeted critics of Russia’s annexation of Ukraine and its involvement in the ongoing war. Experts also believe Sandworm was a government-backed outfit, considering it engaged in cyber espionage rather than the usual cyber theft.

Attackers infected victims’ computers through malicious PowerPoint files sent by email; all the files were written in Russian. Microsoft issued a patch for Sandworm, but it is clear the patch failed miserably. “Apparently the patch that Microsoft released for the Sandworm vulnerability didn’t properly patch it and this new vulnerability exploits that,” he said.

It is not clear whether the Sandworm group is behind the recent attacks on Taiwan, but security experts say the attacks are similar to those engineered by the notorious group. “We have seen several samples, one of them probably targeting Taiwan and delivering the Taidoor malware that has been attributed to Chinese cyber espionage in the past,” says Jaime Blasco, director of AlienVault Labs.

Although Microsoft is yet to release a patch for the vulnerability, the software giant has published several mitigations in its advisory. More importantly, Microsoft’s Enhanced Mitigation Experience Toolkit (EMET), which adds additional layers of protection to certain applications, significantly reduces the chances of a successful attack.

“We continue to work on a security update to address this cyber-attack. We’re monitoring the threat landscape very closely and will continue to take appropriate action to help protect our global customers,” said Tracey Pretorius, director for response communications at Microsoft.

Lawrence Mwangi is a technology and business reporter. He has freelanced for a number of tech sites and magazines. He is a web enthusiast with a special interest in online security, entrepreneurship and innovation. When not writing about tech he can be found on a tennis court or at a chess board.