Hackers using new Windows vulnerability

Microsoft is rushing out a patch for a newly-discovered zero-day vulnerability which affects all currently  supported versions of  Windows (including Vista) and Windows Server 2008 and 2012.

The news came this morning from security firm iSight Partners, which in conjunction with Microsoft discovered the hole in the OLE package manager in the client and server versions of Windows after attacks on unspecified NATO countries and institutions (Canada is a member of NATO), academic institutions in the U.S., Ukrainian government organizations, Western European government organization, energy sector firms (specifically in Poland) European telecommunications firms United States academic organization.

Researchers at iSight and Fortinet believe the vulnerability is being exploited by a group from Russia. iSight has dubbed them the Sandworm Team.

Microsoft has dubbed the vulnerability CVE-2014-4114, and detailed in this bulletin.

iSight said it has been monitoring the Sandworm Team’s activities from late 2013. It apparently prefers to  use of spear-phishing with malicious document attachments — sometimes a PowerPoint — to target victims. “Many of the lures observed have been specific to the Ukrainian conflict with Russia and to broader geopolitical issues related to Russia,” the researchers said. “The team has recently used multiple exploit methods to trap its targets including the use of BlackEnergy crimeware, exploitation of as many as two known vulnerabilities simultaneously, and this newly observed Microsoft Windows zero-day.”

While iSight has detected the vulnerability it can’t say if any data was compromised. Although it has known about the vulnerability for weeks, it held back divulging the information until today, which is Microsoft’s normal Patch Tuesday.

“Given that affected parties were notified and that we did not witness a major surge / broader propagation of the exploit based upon our visibility into the team’s command and control infrastructure, we elected to time the disclosure to the availability of a patch. This timing minimizes the potential for other bad actors to take advantage of the vulnerability.”

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@]

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web