ExtremeHacking
Today : | Time : | safemode : ON
> / Main Website / Cyber Surakha Abhiyan / Hackers Charity / Linkedin / facebook / twitter /
Name Author Perms Com Modified Label

Microsoft Windows Zero-Day Vulnerability "CVE-2014-4114" Used to Hack NATO Unknown rwxr-xr-x 0 10/14/2014

Filename Microsoft Windows Zero-Day Vulnerability "CVE-2014-4114" Used to Hack NATO
Permission rw-r--r--
Author Unknown
Date and Time 10/14/2014
Label
Action
Ethical Hacking Institute in Pune
./Arizona Team

Once again a Russian cyber espionage group has gained media attention by exploiting a Zero-day vulnerability in Microsoft’s Windows operating system to spy on the North Atlantic Treaty Organization (NATO), Ukrainian and Polish government agencies, and a variety of sensitive European industries over the last year.






















ZERO-DAY VULNERABILITY IN MICROSOFT WINDOWS
Researchers at cyber intelligence firm iSight Partners have discovered a zero-day vulnerability that impacts desktop and server versions of Windows, from Vista and Server 2008 to current versions. They also uncovered a latest cyber-spying campaign - suspected to be based in Russia - that uses this Zero-day vulnerability (CVE-2014-4114) to target government leaders and institutions for nearly five years.

The recently detected Russian hacking group is dubbed as "Sandworm Team" by iSIGHT Partners because it found references to the Frank Herbert's "Dune" science fiction series in the malicious software code used by the Russian hackers.

THE NOTORIOUS ZERO-DAY

The zero-day vulnerability is "An exposed dangerous method vulnerability exists in the OLE package manager in Microsoft Windows and Server" that "allows an attacker to remotely execute arbitrary code," according to the report.

"The vulnerability exists because Windows allows the OLE packager (packager .dll) to download and execute INF files," iSight Partners writes. "In the case of the observed exploit, specifically when handling Microsoft PowerPoint files, the packagers allows a Package OLE object to reference arbitrary external files, such as INF files, from untrusted sources. This will cause the referenced files to be downloaded in the case of INF files, to be executed with specific commands."

The Russian hacking group is probably working for the government and has been active since at least 2009 and, according to iSight Partners, the cyber espionage campaign is still ongoing.

The intelligence firm began monitoring the hackers’ activity in late 2013 and discovered the zero-day vulnerability in late August. It "discovered a spear-phishing campaign targeting the Ukrainian government and at least one United States organization" during the NATO summit in Wales, where member states discussed Russia’s actions in Ukraine.

"On September 3rd, our research and labs teams discovered that the spear-phishing attacks relied on the exploitation of a zero-day vulnerability impacting all supported versions of Microsoft Windows (XP is not impacted) and Windows Server 2008 and 2012," iSight writes.

"A weaponized PowerPoint document was observed in these attacks. Though we have not observed details on what data was exfiltrated in this campaign, the use of this zero-day vulnerability virtually guarantees that all of those entities targeted fell victim to some degree."

MICROSOFT TO RELEASE PATCH SOON

The threat intelligence firm said it reported the critical zero-day vulnerability to the Microsoft Corp. and held off on disclosing the problem so that the software maker had time to fix the flaw.

Microsoft plans to release a patch for the vulnerability on Tuesday patch in security bulletin MS14-060, as part of its monthly “Patch Tuesday” — an organized release of patches to vulnerabilities in the company’s software. A Microsoft spokesman said the company plans to roll out an automatic update to the affected versions.

www.arizonainfotech.com
CEH CHFI ECSA ENSA CCNA CCNA SECURITY MCITP RHCE CHECKPOINT ASA FIREWALL VMWARE CLOUD ANDROID IPHONE NETWORKING HARDWARE TRAINING INSTITUTE IN PUNE, Certified Ethical Hacking, IT Security Training Information Security Traning Courses in Pune, ceh certification in pune, Ethical Hacking Course in Pune
 

Cyber Suraksha Abhiyan | Sadik Shaikh © 2015 Sadik Shaikh | CEH V9 | ETHICAL HACKING Course Training Institute in India-Pune
Extreme Hacking Template design by Sadik Shaikh | Cyber Suraksha Abhiyan