Kaspersky spots patched Microsoft Office vulnerability risk

The weakness was fixed in 2015, but some hacker groups including Danti are still using it by preying on unpatched machines

Kaspersky has discovered that a number of criminals are still taking advantage of a weakness in Microsoft Office that the company has patched, although the patch hasn't been applied to all machines.

Hacker groups including Platinum, APT16, EvilPost, SPIVY and newly uncovered collective Danti have used the exploit for the CVE-2015-2545 vulnerability recently, targeting computers that haven't installed the patch.

The exploit allows cyber-espionage groups and cybercriminals to infect machines with malware without relying on zero-day vulnerabilities. Using the new method is cheaper than older techniques, which required more time to discover the weaknesses, yet it offers the same rate of infection, the report revealed.

In particular, the CVE-2015-2545 vulnerability allows an attacker to execute code using an EPS image file sent via a phishing email, which looks totally harmless. It apparently uses a PostScript technique that evades the Address Space Layout Randomisation (ASLR) and Data Execution Prevention (DEP) protection methods integrated into Windows.
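A mail gateway or triage script can flag attachments that carry an EPS image before they reach an unpatched Office install. The sketch below is an added example, not Kaspersky's tooling; it assumes the EPS arrives embedded in a zip-based Office file such as .docx, and the function names and sample documents are constructed for illustration.

```python
import io
import zipfile

# EPS content starts with a PostScript header, or with the binary "DOS EPS"
# header that wraps the PostScript together with a preview image.
POSTSCRIPT_MAGIC = b"%!PS"
DOS_EPS_MAGIC = b"\xc5\xd0\xd3\xc6"


def looks_like_eps(head: bytes) -> bool:
    """Check leading bytes for an EPS signature, whatever the part is named."""
    head = head.lstrip(b"\xef\xbb\xbf\r\n\t ")
    return head.startswith((POSTSCRIPT_MAGIC, DOS_EPS_MAGIC))


def find_embedded_eps(document: bytes) -> list:
    """Return the parts of a zip-based Office file that are EPS by name or content."""
    if not zipfile.is_zipfile(io.BytesIO(document)):
        return []  # legacy binary .doc or other container: out of scope here
    hits = []
    try:
        with zipfile.ZipFile(io.BytesIO(document)) as archive:
            for info in archive.infolist():
                with archive.open(info) as part:
                    head = part.read(64)
                if info.filename.lower().endswith(".eps") or looks_like_eps(head):
                    hits.append(info.filename)
    except (zipfile.BadZipFile, RuntimeError):
        return hits  # damaged or password-protected archive: report what was seen
    return hits


def build_sample(parts: dict) -> bytes:
    """Constructed sample: a minimal zip using Office-style part names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as archive:
        for name, data in parts.items():
            archive.writestr(name, data)
    return buf.getvalue()


SUSPECT = build_sample({
    "word/document.xml": b"<w:document/>",
    "word/media/image1.eps": b"%!PS-Adobe-3.0 EPSF-3.0\n%%BoundingBox: 0 0 10 10\n",
    "word/media/image2.png": DOS_EPS_MAGIC + b"\x00" * 28,  # EPS bytes, other name
})
CLEAN = build_sample({"word/media/image1.png": b"\x89PNG\r\n\x1a\n"})

if __name__ == "__main__":
    print(find_embedded_eps(SUSPECT), find_embedded_eps(CLEAN))
```

A hit only means the document contains an EPS part; it is a reason to quarantine or review the attachment, not proof that it is an exploit.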


Danti, in particular, is spreading the malware by sending out phishing emails posing as high-ranking Indian officials. Once the vulnerability has been exploited, the Danti backdoor is installed, allowing hackers to uncover sensitive data on the victim's machine.

"We expect to see more incidents with this exploit, and we continue to monitor new waves of attacks and the potential relationship with other attacks in the region," Alex Gostev, Chief Security Expert at Kaspersky Lab Research Center in APAC, said.

"Waves of attacks conducted with the help of just one vulnerability suggest two things: firstly, that threat actors tend not to invest many resources into the development of sophisticated tools, like zero-day exploits, when 1-day exploits will work almost as well. Secondly, that the patch-adoption rate in the target companies and government organisations is low."

The company advised businesses to pay attention to patch management in their IT infrastructure to ensure they're protected against such vulnerabilities before they become a threat.
