On October 14, 2014, iSIGHT Partners, along with Microsoft, reported a zero-day vulnerability impacting all supported versions of Microsoft Windows. The vulnerability was discovered being exploited “in the wild”.
What is the issue?
So far the exploit has been delivered in PowerPoint files (that delivery method may well evolve). The document pulls in two files, ‘slides.inf’ and ‘slide1.gif’. ‘slide1.gif’ is actually an executable program, and ‘slides.inf’ is an INF installer script that renames ‘slide1.gif’ to ‘slide1.gif.exe’ and then adds a registry entry so that the malicious program runs the next time you log on.
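The two-step behaviour described above (an INF that renames a non-executable-looking file to an .exe and registers it under a Run key) is a pattern a responder can look for when an INF is recovered from a document or from disk. The script below is an added example written for this post, not code from iSIGHT, Microsoft or Tyler Cybersecurity: it parses an INF into sections, follows the RenFiles= and AddReg= directives, and flags both the disguised-executable rename and the autorun persistence. The sample INF content, section names and the %1%\slide1.gif.exe path are constructed to match the post's description and are assumptions, not the real file.

```python
import os
import re
from typing import Dict, List, Tuple

# Extensions that Windows will execute directly; used to spot a "picture" becoming a program.
EXEC_EXTENSIONS = {".exe", ".scr", ".com", ".dll", ".bat", ".cmd", ".vbs", ".js", ".ps1"}
# Registry subkeys that launch programs at logon (Run, RunOnce, RunOnceEx).
AUTORUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?(Ex)?\s*$", re.IGNORECASE)

# Constructed sample modelled on the post's description of 'slides.inf' (assumption, not the real file).
SAMPLE_INF = r"""
[Version]
Signature="$CHICAGO$"

[DefaultInstall]
RenFiles=RenameSection
AddReg=RegSection

[RenameSection]
slide1.gif.exe,slide1.gif

[RegSection]
HKCU,Software\Microsoft\Windows\CurrentVersion\Run,Slide,,%1%\slide1.gif.exe
"""

# Constructed benign INF for contrast: writes a vendor setting, no rename, no autorun key.
BENIGN_INF = r"""
[Version]
Signature="$Windows NT$"

[DefaultInstall]
AddReg=Settings

[Settings]
HKLM,Software\ExampleVendor\Tool,Installed,0x10001,1
"""


def parse_inf(text: str) -> Dict[str, List[str]]:
    """Split INF/INI-style text into {section name: [non-empty, comment-stripped lines]}."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # INF comments begin with ';'
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def directive_targets(sections: Dict[str, List[str]], install_section: str, directive: str) -> List[str]:
    """Return the section names listed by a directive (e.g. 'RenFiles=A,B') in an install section."""
    targets: List[str] = []
    for line in sections.get(install_section, []):
        key, _, value = line.partition("=")
        if key.strip().lower() == directive.lower():
            targets.extend(v.strip() for v in value.split(",") if v.strip())
    return targets


def _ext(name: str) -> str:
    return os.path.splitext(name)[1].lower()


def analyze_inf(text: str) -> List[Tuple[str, str, str]]:
    """Flag renames that turn a non-executable name into an executable one, and AddReg
    entries that land in a Run/RunOnce key. Returns (finding, subject, detail) tuples."""
    sections = parse_inf(text)
    findings: List[Tuple[str, str, str]] = []
    # Any section carrying RenFiles= or AddReg= is treated as an install section.
    install_sections = [
        name for name, lines in sections.items()
        if any(l.partition("=")[0].strip().lower() in ("renfiles", "addreg") for l in lines)
    ]
    for inst in install_sections:
        for ren in directive_targets(sections, inst, "RenFiles"):
            for line in sections.get(ren, []):
                parts = [p.strip() for p in line.split(",")]  # RenFiles lines: new-name,old-name
                if len(parts) >= 2:
                    new, old = parts[0], parts[1]
                    if _ext(new) in EXEC_EXTENSIONS and _ext(old) not in EXEC_EXTENSIONS:
                        findings.append(("disguised-executable", old, new))
        for reg in directive_targets(sections, inst, "AddReg"):
            for line in sections.get(reg, []):
                parts = [p.strip() for p in line.split(",")]  # AddReg lines: root,subkey,name,flags,value
                if len(parts) >= 2 and AUTORUN_KEY_RE.search("\\" + parts[1]):
                    value = parts[4] if len(parts) >= 5 else ""
                    findings.append(("autorun-persistence", parts[0] + "\\" + parts[1], value))
    return findings


if __name__ == "__main__":
    for label, inf in (("sample", SAMPLE_INF), ("benign", BENIGN_INF)):
        print(label, analyze_inf(inf))
```

Run against the constructed sample, the script reports the ‘slide1.gif’ to ‘slide1.gif.exe’ rename and the HKCU Run entry; the benign INF produces no findings. In practice the same checks can be run over INF files carved from Office documents or found in user temp directories during triage.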
Should we be concerned?
This vulnerability is classified by NIST with a CVSS v2 base score of 9.3 (High).
Opening a malicious Office document that exploits this vulnerability could allow arbitrary code to run in the context of the current user. If the current user has administrative rights, the attacker could run programs, delete files, or create new user accounts.
What types of systems are vulnerable?
All supported releases of Microsoft Windows excluding Windows Server 2003 are vulnerable.
For more information, NIST and Microsoft have issued guidance for the “Sandworm Vulnerability”.
Are you prepared to respond to and investigate cyber-attacks?
The Cyber Forensics Readiness Program from Tyler Cybersecurity is designed to prepare Incident Responders and IT personnel to quickly and cost-effectively capture and maintain evidence in a forensically sound manner following a breach. The training is supported by semi-annual collection exercises.
Image courtesy of chanpipat at FreeDigitalPhotos.net.