Kaspersky spots patched Microsoft Office vulnerability risk

The weakness was fixed in 2015, but some hacker groups including Danti are still using it by preying on unpatched machines

Kaspersky has discovered that a number of criminals are still taking advantage of a weakness in Microsoft Office that the company has patched, but whose fix hasn't been applied to all machines.

Hacker groups including Platinum, APT16, EvilPost, SPIVY and newly uncovered collective Danti have used the exploit for the CVE-2015-2545 vulnerability recently, targeting computers that haven't installed the patch.

The exploit allows cyber-espionage groups and cybercriminals to infect machines with malware without resorting to zero-day vulnerabilities. Using this method is cheaper than older techniques that required more time to discover weaknesses, yet it offers the same rate of infection, the report revealed.

In particular, the CVE-2015-2545 vulnerability allows an attacker to execute code using an EPS image file sent via a phishing email, which looks totally harmless. It apparently uses a PostScript technique to evade Windows' Address Space Layout Randomisation (ASLR) and Data Execution Prevention (DEP) protection methods integrated into the system.
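
A defensive check for the delivery vector described above, as an added example that is not from Kaspersky or the original article: it lists EPS images inside an Office attachment so a mail gateway or analyst can flag them. It assumes the EPS arrives embedded in a ZIP-based (OOXML) Office document; the function names and sample files are constructed for illustration.

```python
import io
import zipfile

# EPS signatures: the ASCII PostScript header, and the DOS EPS binary header
# (a preview wrapper placed in front of the PostScript section).
EPS_ASCII = b"%!PS-Adobe"
EPS_DOS_BINARY = b"\xc5\xd0\xd3\xc6"


def looks_like_eps(data: bytes) -> bool:
    """True if the bytes start with an EPS signature, whatever the file name."""
    head = data[:64].lstrip()  # tolerate leading ASCII whitespace
    return head.startswith(EPS_ASCII) or head.startswith(EPS_DOS_BINARY)


def find_eps_parts(doc_bytes: bytes) -> list[str]:
    """Return the names of parts inside an OOXML package that are EPS images."""
    if not zipfile.is_zipfile(io.BytesIO(doc_bytes)):
        return []  # not a ZIP-based Office file; out of scope for this check
    hits = []
    with zipfile.ZipFile(io.BytesIO(doc_bytes)) as pkg:
        for info in pkg.infolist():
            if info.is_dir():
                continue
            with pkg.open(info) as part:
                head = part.read(64)  # check content: the extension can lie
            if info.filename.lower().endswith(".eps") or looks_like_eps(head):
                hits.append(info.filename)
    return sorted(hits)


def build_sample(parts: dict[str, bytes]) -> bytes:
    """Build a constructed sample package in memory (demonstration only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in parts.items():
            z.writestr(name, data)
    return buf.getvalue()


# Constructed samples: one clean document, one carrying EPS content twice,
# the second time under a misleading .png name.
CLEAN = build_sample({"word/document.xml": b"<w:document/>",
                      "word/media/image1.png": b"\x89PNG\r\n\x1a\n"})
SUSPECT = build_sample({"word/document.xml": b"<w:document/>",
                        "word/media/image1.eps": b"%!PS-Adobe-3.0 EPSF-3.0\n",
                        "word/media/image2.png": b"%!PS-Adobe-3.0 EPSF-3.0\n"})

if __name__ == "__main__":
    print("clean:", find_eps_parts(CLEAN))
    print("suspect:", find_eps_parts(SUSPECT))
```

A hit only means the document contains an EPS image, not that it is malicious; on patched machines it is a triage signal, and on unpatched ones a reason to quarantine the attachment.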


Danti, in particular, is spreading the malware by sending out phishing emails posing as high-ranking Indian officials. Once the vulnerability has been exploited, the Danti backdoor is installed, allowing hackers to uncover sensitive data on the victim's machine.

"We expect to see more incidents with this exploit, and we continue to monitor new waves of attacks and the potential relationship with other attacks in the region," Alex Gostev, Chief Security Expert at Kaspersky Lab Research Center in APAC, said.

"Waves of attacks conducted with the help of just one vulnerability suggest two things: firstly, that threat actors tend not to invest many resources into the development of sophisticated tools, like zero-day exploits, when 1-day exploits will work almost as well. Secondly, that the patch-adoption rate in the target companies and government organisations is low."

The company advised businesses to pay attention to patch management in their IT infrastructure to ensure they're protected against such vulnerabilities before they become a threat.
