Platinum-grade hackers exploit software that Microsoft has patched twice

LOCK DOWN YOUR OFFICE. Hackers are exploiting a vulnerability that was patched six months ago, according to the security sniffers at Kaspersky Lab.

That just sounds so bleak. At first glance, we are concerned on the one hand that the patch does not work, and on the other that it could be down to unpatched systems. We don’t like Patch Tuesday much ourselves, but for crissakes we know that it needs acting on when it happens.

“A Microsoft Office vulnerability patched six months ago continues to be a valuable tool for APT [advanced persistent threat] gangs operating primarily in South East Asia and the Far East,” said a report on the Kaspersky Threatpost website.

“Attackers continue to flourish exploiting CVE-2015-2545, a remote code execution vulnerability where an attacker crafts an EPS image file embedded in an Office document designed to bypass memory protections on Windows systems.”

This is bleaker than we expected. Kaspersky explained that the exploit was patched two further times, yet people are still falling prey. Serious people, too.

“Exploits have been used primarily to gain an initial foothold on targeted systems. Those targets are largely government and diplomatic agencies and individuals in India and Asia, as well as satellite offices of those agencies in Europe and elsewhere,” the firm said.

“The Office flaw was patched in September in MS15-099 and updated again in November. Yet APT groups seem to be capitalising on lax patching inside these high-profile organisations to carry out espionage.

“Some criminal organisations have also made use of exploits against this particular flaw, in particular against financial organisations in Asia.”

The INQUIRER posts regular patch updates. We do not do it out of love. Kaspersky said that this latest assault is probably the work of an exploit posse called the Platinum Group.

The group had a special mention from Microsoft in the firm’s most recent security report.

