** HEADS UP ** Microsoft Office Vulnerability - ACTIVELY BEING EXPLOITED
A very well-written document on this exploit situation (the place I've taken information from)
Second heads up in 2 weeks, but this one is more actively being exploited. I SAY AGAIN: THIS VULNERABILITY IS ACTIVELY BEING EXPLOITED.
A lot of ThreatCons have gone up to stage 2 or 3, depending on their measurement techniques. However, the point is that everyone has raised the BAR of the current threat level.
KB article: http://support.microsoft.com/kb/973472
SRD blog: http://blogs.technet.com/srd/archive...erability.aspx
MSRC blog: http://blogs.technet.com/msrc/archiv...-released.aspx
Products affected:
Microsoft Office XP Service Pack 3;
Microsoft Office 2003 Service Pack 3;
Microsoft Office XP Web Components Service Pack 3;
Microsoft Office Web Components 2003 Service Pack 3;
Microsoft Office 2003 Web Components for the 2007 Microsoft Office system Service Pack 1;
Microsoft Internet Security and Acceleration Server 2004 Standard Edition Service Pack 3;
Microsoft Internet Security and Acceleration Server 2004 Enterprise Edition Service Pack 3;
Microsoft Internet Security and Acceleration Server 2006;
Internet Security and Acceleration Server 2006 Supportability Update;
Microsoft Internet Security and Acceleration Server 2006 Service Pack 1; and
Microsoft Office Small Business Accounting 2006.
A FIX IT TOOL IS AVAILABLE:
FOR ALL AD admins out there:
** USING AN ALTERNATIVE BROWSER (OTHER THAN IE) IS RECOMMENDED **
List of domains currently exploiting the vulnerability can be found here:
Be sure to block them at gateway level.
Attack vectors used to exploit this vulnerability:
1. The now-known public attempts to exploit the vulnerability: attackers just modify the code with a fresh download and payload for slightly modified malware.
2. A .cn domain using a heavily obfuscated version of the exploit - which may become an attack kit (think MPACK) and is similar to recent DirectShow attacks.
3. A highly targeted attack earlier today against an organization, which received a Microsoft Office document with embedded HTML. This one was particularly nasty: it was specifically crafted for the target, with the document tailored with appropriate contact information and subject matter specific to the targeted recipient. Analysis of the document and secondary payload found that the attacker used a firewall on the malicious server so that all IP traffic outside of the targeted victim's domain/IP range would not reach the server.