A dangerous zero-day exploit that affects MS Windows computers and MS Windows servers has been spotted (CVE-2014-4114). It’s called Sandworm and has been attacking computers and servers as a payload included in infected PowerPoint files. The possibility exists that it could also be spread by infected versions of other MS Office files.
Do not open files or attachments from untrusted sources. This exploit is being spread because people are opening files from strangers or from shady download sites, mostly infected attachments sent in phishing emails.
According to iSight Partners, who announced the vulnerability in conjunction with Microsoft, Microsoft will be pushing out a patch today.
Sandworm has been used to attack computers in NATO and across the European Union. It is considered very dangerous: its goal is to grab data from the computers and servers it attacks.
- iSIGHT discovers zero-day vulnerability CVE-2014-4114 used in Russian cyber-espionage campaign, Stephen Ward, iSight Partners, Oct. 14, 2014.
- ‘SANDWORM’ MONSTER zero-day ‘used in Russian attack on NATO, EU’: Fix imminent from Microsoft for Vista, Server 2008, other stuff, Simon Sharwood, The Register, Oct. 14, 2014.