Kaspersky spots patched Microsoft Office vulnerability risk

The weakness was fixed in 2015, but some hacker groups including Danti are still using it by preying on unpatched machines

Kaspersky has discovered a number of criminals are still taking advantage of weakness in Microsoft Office that has been patched by the company but hasn't been applied to all machines.

Hacker groups including Platinum, APT16, EvilPost, SPIVY and newly uncovered collective Danti have used the exploit for the CVE-2015-2545 vulnerability recently, targeting computers that haven't installed the patch.

The exploit allows cyber-espionage groups and cybercriminals to infect machines with malware rather than utilising zero-day vulnerabilities. Using the new method is cheaper than older techniques that required more time to discover the weaknesses, yet offers the same rate of infection, the report revealed.

In particular, the CVE-2015-2545 vulnerability allows an attacker to execute code using an EPS image file sent via a phishing email, which looks totally harmless. It apparently uses the PostScript technique evading Windows' Address Space Layout Randomisation (ASLR) and Data Execution Prevention (DEP) protection methods integrated into the system.

Danti, in particular, is spreading the malware by sending out phishing emails posing as high-ranking Indian officials. Once the vulnerability has been exploited, the Danti backdoor is installed, allowing hackers to uncover sensitive data on the victim's machine.

"We expect to see more incidents with this exploit, and we continue to monitor new waves of attacks and the potential relationship with other attacks in the region," Alex Gostev, Chief Security Expert at Kaspersky Lab Research Center in APAC said.

"Waves of attacks conducted with the help of just one vulnerability suggests two things: firstly, that threat actors tend not to invest many resources into the development of sophisticated tools, like zero-day exploits, when 1-day exploits will work almost as well. Secondly, that the patch-adoption rate in the target companies and government organisations is low."

The company advised businesses to ensure they take notice of patch-management in their IT infrastructure to ensure they're protected against such vulnerabilities before they become a threat.

Featured Resources

Security analytics for your multi-cloud deployments

IBM Security QRadar SIEM solution brief

Download now

Five reasons to move to the cloud

Join the enterprises moving their workloads to the cloud

Download now

Architecting hybrid IT and edge for digital advantage

Why business leaders should consider a hybrid IT strategy

Download now

Six reasons to accelerate remote asset monitoring with AI

How to optimise resources, increase productivity, and grow profit margins with AI

Download now

Recommended

Microsoft open sources CodeQL queries used in Solorigate inquiry
Security

Microsoft open sources CodeQL queries used in Solorigate inquiry

26 Feb 2021
CISA warns of ongoing Accellion File Transfer Appliance attacks
hacking

CISA warns of ongoing Accellion File Transfer Appliance attacks

25 Feb 2021
What is a Trojan?
Security

What is a Trojan?

25 Feb 2021
Cyber security firm saw attacks rise by 20% during 2020
cyber security

Cyber security firm saw attacks rise by 20% during 2020

23 Feb 2021

Most Popular

Npower shuts down app after hackers steal user data
hacking

Npower shuts down app after hackers steal user data

25 Feb 2021
Hackers publish Bombardier data in wide-reaching FTA cyber attack
cyber attacks

Hackers publish Bombardier data in wide-reaching FTA cyber attack

24 Feb 2021
New monitors for an agile new normal
Sponsored

New monitors for an agile new normal

19 Feb 2021