Zero-day exploit targets European website


Sophos is advising computer users and administrators to exercise caution following the discovery of an as-yet unpatched security vulnerability in Microsoft software.

SophosLabs determined that the website of a European aeronautical parts supplier, which is currently not being named due to the sensitivity of the situation, had been hacked, and that malicious code exploiting a zero-day Microsoft security vulnerability had been planted on it.

Sophos was alerted to the security problem when a Sophos customer attempted to visit the affected website and received a warning message that a file on the site was infected by code which attempts to exploit a vulnerability in Microsoft XML Core Services that could allow remote code execution. The vulnerability, known as CVE-2012-1889, has been linked to recent warnings from Google about 'state-sponsored attacks'.

"One way that hackers break into large companies and organisations is to target their supply chain. Rather than try to hack a company which may have robust security practices and security teams, they can instead attack a smaller supplier who is less likely to notice the security breach," says Brett Myroff, CEO of Sophos distributor, NetXactics.

Users running any flavour of currently-supported Windows are vulnerable, from XP, up to and including Windows 7. All supported editions of Microsoft Office 2003 and Microsoft Office 2007 are also vulnerable. At the time of writing there is not yet an official patch from Microsoft - but the company recommends that Internet Explorer and Microsoft Office users immediately install a Fix it solution, downloadable with instructions from Microsoft Knowledge Base Article 2719615, until the company issues an official fix.

"Users should not underestimate the seriousness of this vulnerability. It's being actively exploited in the wild, and there is currently no patch available for it.

"Sophos has raised its threat level rating to 'Critical'. Sophos does provide protection against the exploit - but the best solution of all would be to have a proper fix from Microsoft," Myroff says.

 

 


