November 9, 2013

Latest Windows Zero-Day Exploit

It is believed that this exploit is the handy work of an India based hacker group who were also thought to be responsible for the 'Operation Hangover' exploits earlier this year. This news was released in a security alert by Microsoft earlier this weeks. They said that the there was a vulnerability in the TIFF image-format parsing component was being exploited in attacks aimed at targets located in the Middle East and South Asia.



Emails with subject lines like "Illegal Authorization for Funds Transfer" or "Problem with Credit September 26th 2013" were the medium being used by the hackers. They attached malicious Word documents, which seemed to use multiple XML objects to "spray the heap memory," which is a old technique used more than a decade ago, used to find sections in the memory that the malicious code can use for its exploit.

Continue reading at: computerworld.com 

Twitter: @Th3MattWilson

No comments:

Post a Comment

Twitter: @Th3MattWilson