Sage Advice - Cybersecurity Blog

Sandworm Vulnerability Advisory

sandwormOn October 14, 2014 iSIGHT Partners along with Microsoft reported a zero day vulnerability impacting all supported versions of Microsoft Windows. The vulnerability was discovered being exploited “in the wild”.

What is the issue?

The exploit is using PowerPoint files thus far (obviously that may evolve), which pulls in two files titled ‘slides.inf’ and ‘slide1.gif’. ‘slide1.gif’ is actually an executable program file, and ‘slides.inf’ is an installer that renames ‘slide1.gif’ to ‘slide1.gif.exe’ before adding a registry entry that will run the malicious program the next time you logon.

Should we be concerned?

This vulnerability is classified by NIST with a CVSS v2 base score of 9.3 High.

Opening a malicious Office document that exploits this vulnerability could allow arbitrary code to run in the context of the current user. If the current user has administrative user rights the attacker could run programs, delete files, or create new user accounts.

What types of systems are vulnerable?

All supported releases of Microsoft Windows excluding Windows Server 2003 are vulnerable.

For more Information, NIST and Microsoft have issued guidance for the “ Sandworm Vulnerability ”

Are you prepared to respond to and investigate cyber-attacks?

The Cyber Forensics Readiness Program from Tyler Cybersecurity is designed to prepare Incident Responders and IT personnel to quickly and cost-effectively capture and maintain evidence in a forensically sound manner following a breach. The training is supported by semi-annual collection exercises.

Learn more

Image courtesy of chanpipat at

Topics: Threat Advisories

The Tyler Cybersecurity Lifecycle

Cybersecurity isn’t a destination.

Cybersecurity Lifecycle

There is no single, straight path that will get you to the point where you can say, “We did it! We’re 100% cyber-secure.”

A more realistic destination is cyber resiliency – the ability to prepare for and adapt to changing conditions, so you can withstand and recover rapidly from disruptions. Achieving cyber resilience depends on what we like to call the cybersecurity lifecycle – an ongoing cycle of interconnected elements that compliment and reinforce one another.

Learn More