Microsoft Warns of Zero-Day Attack on Office
2013-11-06 09:11 by Daniela Tags: security
Microsoft warned today that attackers are targeting a previously unknown security vulnerability in versions 2003-2010 of Microsoft Office, Windows Vista and Windows Server 2008. The company also has shipped an interim "Fix-It" tool to temporarily fix the flaw until it has time to develop and release a more comprehensive patch. The attacks are narrowly targeted at certain individuals or companies and are mostly found in the Middle East and South Asia. The malicious document exploits a vulnerability in Microsoft's graphics device interface that makes it possible for attackers to remotely execute any code of their choice. "The exploit requires user interaction as the attack is disguised as an email requesting potential targets to open a specially crafted Word attachment," Dustin Childs, group manager for Response Communications at Microsoft, wrote in a post on the Microsoft Security Response Center blog. "If the attachment is opened or previewed, it attempts to exploit the vulnerability using a malformed graphics image embedded in the document." "In order to achieve code execution, the exploit combines multiple techniques to bypass DEP and ASLR protections," Elia Florio of the Microsoft Security Response Center wrote. "Specifically, the exploit code performs a large memory heap-spray using ActiveX controls (instead of the usual scripting) and uses hardcoded ROP gadgets to allocate executable pages. This also means the exploit will fail on machines hardened to block ActiveX controls embedded in Office documents (e.g. Protected View mode used by Office 2010) or on computers equipped with a different version of the module used to build the static ROP gadgets." Read more -here-
|