What do NATO, the Ukraine and European telecom companies all have in common? They’ve all been targeted by a hacking group using an undisclosed vulnerability in Windows that Microsoft patched today.
Known as “CVE-2014-4114,” the vulnerability was detected by the iSIGHT security research team last month. It had been used by a group of Russian hackers that the researchers have dubbed the “Sandworm Team.”
The vulnerability lies in Windows and Windows Server’s OLE package manager, and allows an attacker to remotely execute code on a target machine. It was used as a part of a “spear-phishing” attack which involved a targeted campaign to try and convince victims to open a PowerPoint file that could exploit the vulnerability.
According to iSIGHT’s report, the attacks first surfaced in August of this year, and the company spent the past five weeks working with Microsoft to develop a patch for the vulnerability, all while monitoring Sandworm’s activity to ensure that the team wasn’t increasing its use of the exploit. All of the organizations targeted by the attack were notified as soon as iSIGHT detected the vulnerability.
There’s a silver lining in this sandworm-filled cloud: it looks like there wasn’t any broad exploitation of this vulnerability beyond its use by the Russian hacking team, and those attacks were limited to a set of high-value targets. Still, now that it’s out in the open, it’s possible that more groups may try to take advantage of those people who don’t keep their patches up to date.
People who want to protect themselves from the vulnerability should make sure to install the latest set of security patches when they are released. Windows XP, thankfully, is not affected by the vulnerability.