A new vulnerability in Microsoft Windows has been uncovered, which reportedly allowed Russian hackers to spy on several different groups - including NATO, an academic institution, the European Union, and the Ukrainian government.
The security flaw is said to have been present in operating systems from Windows Vista through Windows 8.1. Microsoft released the patch to fix these vulnerabilities earlier this week. The vulnerabilities allowed a remote hacker to take control of a target computer.
Dallas-based security firm iSight Partners discovered the vulnerability, and it has been nicknamed 'Sandworm' - because references to the science fiction movie "Dune" have been found in the code. The hackers used a common technique called spear-phishing - where innocent looking emails were sent to targets. Once the emails were opened, the malware was downloaded onto the servers and used to exploit the vulnerability.
While many of the targets have been identified, it is still unclear what type of information they were seeking or what they were able to obtain.
- Adobe AIR
- Adobe Flash Player
- Java
- A number of Windows components, including Office, Internet Explorer, and .NET
The Adobe and Java updates are unrelated to the Windows vulnerability; however, they do fix several other security holes that have been discovered. The Adobe update fixes issues with three known security flaws, and the Java update includes fixes for more than two dozen identified security issues.
No comments:
Post a Comment