Hackers still use an old Office vulnerability for cyber attacks

ID MYHACK58:62201676858
Type myhack58
Reporter Anonymous
Modified 2016-07-13T00:00:00


Microsoft recently said that hackers are still using an Office vulnerability discovered four years ago in many network attacks. Hackers exploit this vulnerability in Office by using specially crafted documents to spread malware. Microsoft identifies the vulnerability as CVE-2012-0158; it affects three versions of Office: 2003, 2007 and 2010. Microsoft patched it in April 2012. The vulnerability exists in the Windows common controls library, and an attacker can exploit it to carry out a code injection attack after inducing a user to open a malicious website or a malicious document.
A security researcher from Sophos, a security services company, said that according to their survey, since the fourth quarter of 2015 CVE-2012-0158 has remained the vulnerability with the greatest impact on Office software. In half of the network attacks against large enterprises, hackers have used this vulnerability. Although hackers have started using some newer vulnerabilities, none of them is “comparable” to CVE-2012-0158. Many security experts have given this vulnerability a nickname, the “never dying bug”, which shows how much harm it does. The security researcher says several reasons explain why this vulnerability has remained popular with hackers. First, exploiting it can use seemingly safe file formats as cover, and the vulnerability affects multiple versions of Office software. Second, the vulnerability is highly destructive and can at the same time evade detection by system security software. The researchers carried out a test analysis of the Word Intruder intrusion software on a C&C server. Hackers use Word Intruder, a penetration tool, to spread malware through malicious Word documents.
Globally, nearly 40% of users are affected by the CVE-2012-0158 vulnerability. However, in Europe and North America, the proportion of devices infected through this vulnerability is only 15 per cent. This seems to indicate that hackers rarely use this vulnerability in the many large-scale attacks launched against European and North American companies. By contrast, hackers use it widely in attacks targeting companies in Asia, where the proportion of infected devices is much higher, at more than 50 per cent. Over the past few years, hackers have exploited CVE-2012-0158 in many attacks against Asian companies, including cyber espionage operations such as Lotus Blossom, Transparent Tribe and Roaming Tiger. Exploiting CVE-2012-0158 also relies on a few development tools, including MNKit and Four Element Sword Builder, which are development tools for Office vulnerabilities. The Sophos researcher said: “From a practical point of view, the Office exploit kit development tools are very closely linked. If we cut off the link between them, it will make developing exploits for CVE-2012-0158 difficult for hackers. So in the short term, use of this vulnerability will decrease. Even though hackers have changed the way they use the vulnerability, from distributing spam in the past to the present focused use, and have achieved good results, more importantly, CVE-2012-0158 still carries a high risk; hackers will continue to make use of it, and we must pay attention.
As long as hackers see that this vulnerability still has value, I believe they will never give it up.” Security experts said that, for some time to come, the dominance of CVE-2012-0158 will be taken over by two newer vulnerabilities, CVE-2015-1641 and CVE-2015-2545.