Zero-day Vulnerability
On 10/21/14, Microsoft issued a warning about a zero-day vulnerability that cyber criminals are exploiting through PowerPoint files sent as email attachments!
Although Microsoft provided a "Fixit" workaround that blocks the attacks seen so far, and users can use it to protect their PCs until a patch is available, it is not the same as the "four-step threat scoring system it uses for security updates". After a successful exploit, this bug allows hackers to hijack the PC and steal information and/or inject viruses. iSight slapped the moniker "Sandworm" on the cyber-spy gang.
Although Microsoft patched a similar vulnerability in the same month, with eight updates that included a fix for an OLE bug, hackers used it to carry out other attacks by exploiting "malformed PowerPoint files". Yet, according to researchers at iSight Partners, a Russian hacker crew has used the vulnerability addressed by MS14-060 to attack Ukrainian government agencies, NATO, Western European government agencies, and companies in the telecommunications and energy sectors since December 2013.
Microsoft has not released a new patch yet, but it should do so as soon as possible.
Microsoft also urged Windows users to pay close attention to the "User Account Control (UAC) pop-ups" that alert them before any action such as a file download. However, this is still not an effective solution, since most users click without a second thought.
Hi Youssef,
This is an interesting topic that I had no idea about! Many times when I have to use PowerPoint, I will go to the campus computer lab and make the PowerPoint there since I do not have it on my laptop. Then, I email it to myself. Now that I read this, I am more hesitant to continue emailing myself PowerPoint files. Does this mean that I should not email PPT files altogether? What about Google Drive: can I still save it to Drive and then access the PowerPoint from there, or is that still not safe?
I want to thank you for writing this article. This is a great article for me. It is also very informative & awesome.