Ten tips for more secure sofware
Image from Shutterstock.com

Microsoft is rushing out a patch for a newly-discovered zero-day vulnerability which affects all currently  supported versions of  Windows (including Vista) and Windows Server 2008 and 2012.

The news came this morning from security firm iSight Partners, which in conjunction with Microsoft discovered the hole in the OLE package manager in the client and server versions of Windows after attacks on unspecified NATO countries and institutions (Canada is a member of NATO), academic institutions in the U.S., Ukrainian government organizations, Western European government organization, energy sector firms (specifically in Poland) European telecommunications firms United States academic organization.

Researchers at iSight and Fortinet believe the vulnerability is being exploited by a group from Russia. iSight has dubbed them the Sandworm Team.

Microsoft has dubbed the vulnerability CVE-2014-4114, and detailed in this bulletin.

iSight said it has been monitoring the Sandworm Team’s activities from late 2013. It apparently prefers to  use of spear-phishing with malicious document attachments — sometimes a PowerPoint — to target victims. “Many of the lures observed have been specific to the Ukrainian conflict with Russia and to broader geopolitical issues related to Russia,” the researchers said. “The team has recently used multiple exploit methods to trap its targets including the use of BlackEnergy crimeware, exploitation of as many as two known vulnerabilities simultaneously, and this newly observed Microsoft Windows zero-day.”

While iSight has detected the vulnerability it can’t say if any data was compromised. Although it has known about the vulnerability for weeks, it held back divulging the information until today, which is Microsoft’s normal Patch Tuesday.

“Given that affected parties were notified and that we did not witness a major surge / broader propagation of the exploit based upon our visibility into the team’s command and control infrastructure, we elected to time the disclosure to the availability of a patch. This timing minimizes the potential for other bad actors to take advantage of the vulnerability.”

Previous articleAdobe goes seriously mobile
Next articleWords of wisdom from big data conference
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com