Microsoft has warned of a vulnerability present in Microsoft OLE, which affects all supported releases of Windows except for Windows Server 2003. “At this time, we are aware of limited, targeted attacks that attempt to exploit the vulnerability through Microsoft PowerPoint,” the software giant said in Security Advisory 3010060, issued late on 21 October.
It is thought that the vulnerability is being used by Sandworm Team, the Russian cyber espionage operators who last week exploited the CVE-2014-4114 zero-day vulnerability to conduct attacks on NATO, Ukrainian government organisations, and European energy and telecoms firms. Sandworm Team was identified by iSIGHT Partners on 14 October.
iSIGHT comments: “…the genesis of this [Sandworm] team appears to be around 2009. The team prefers the use of spear-phishing with malicious document attachments to target victims. Many of the lures observed have been specific to the Ukrainian conflict with Russia and to broader geopolitical issues related to Russia.”
OLE (Object Linking and Embedding) allows applications to create and edit compound data, enabling in-place editing. For example, users can edit Excel spreadsheets embedded in Word documents. If a user opens a file containing a malicious OLE object, they open themselves up to attack. All Microsoft Office files, including PowerPoint and Word, could contain malicious OLE objects.
Microsoft continues: “An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”
The exploitation of this vulnerability relies on convincing a user to open a malicious file – known as a phishing attack. As ever, IT Governance suggests vigilance. If you don’t know a file’s origins, don’t open it.
IT Governance’s comprehensive Employee Vulnerability Assessment service will identify potential vulnerabilities amongst your employees and provide recommendations of how to improve your security, enabling you to have a broad understanding of how you are at risk, and what you need to do to address these risks.
If you want to understand more about penetration testing, and how they can help improve your cyber security, then download our free Penetration Testing green paper today >>>