
Microsoft’s recent success in blocking in-the-wild attacks is eerily good

09 May


Microsoft engineers have neutralized a series of attacks that took control of targeted computers by exploiting independent vulnerabilities in Word and Windows. Remarkably, the software maker said fixes or partial mitigations for all four security bugs were released before it received private reports of the attacks.

Both versions of the attacks used malformed Word documents that were attached to phishing e-mails sent to a highly select group of targets. The malicious documents chained together two exploits, one that targeted flaws in an Encapsulated PostScript filter in Word and the other that targeted elevation-of-privilege bugs in Windows so that the attack could break out of the security sandbox that fortifies Office. Encapsulated PostScript is an old format that’s rarely used any more.

One version of the attacks combined an exploit for a Word EPS flaw designated as CVE-2017-0261 with an exploit for CVE-2017-0001, a Windows privilege-escalation bug. By the time Microsoft received a private report of ongoing attacks in March, the company had already released a partial fix as part of its March Update Tuesday release. A second attack version exploited an EPS flaw indexed as CVE-2017-0262 in combination with CVE-2017-0263, a separate Windows privilege-elevation flaw.


Posted by on May 9, 2017 in Uncategorized

 
