The critical flaw in Windows which Microsoft yesterday an emergency patch released was already known to the Italian Hacking Team, which previously had also developed an exploit, as reported anti-virus company Trend Micro. Through the vulnerability an attacker could completely take over Windows computers when the user opens a malicious document or visits a malicious or hacked website. There is no further interaction is required.
"Because of this vulnerability, attackers could use to infect the computer with system privileges by rootkits or boat kits without this was reported by any means," said analyst Li Moony. He argues that attackers can remotely control vulnerable computers over the leak. Trend Micro reported the problem to Microsoft. Something that also involved researchers from Google and the American security company FireEye.
According to Li contains the dataset by Hacking Team was looted exploit code to make use of the vulnerability, but no attacks are still found in the wild. However, this seems a matter of time. Earlier there were already vulnerabilities found in the stolen data of Hacking Team, which were then used by cyber criminals to infect computers with malware. Users also get the urgent advice to security MS15-078 to install. However, this will happen automatically on most computers.
An attacker recently managed to break into the Italian company and made it more than 400GB of data captured and then put the data online. The data have been found so far six so-called zero-day vulnerabilities. Vulnerabilities in which at the time of the discovery for no update was available yet. These are three vulnerabilities in Adobe Flash Player, two Windows and one in Internet Explorer.
No comments:
Post a Comment