Security firm Trustwave has warned that a cyber-attack currently hitting systems on the Internet uses two vulnerabilities, one in Adobe Reader and another in Microsoft Windows.
According to its technical analysis of the attack, these vulnerabilities are being used to compromise Windows XP and 2003 systems and download code.
The attack, first detected by threat-protection firm FireEye in late November, uses a software flaw to escape from the security container, also known as the sandbox, which was implemented by Adobe to protect users of its software. A second part of the attack exploits a still-unpatched vulnerability in Windows XP and Windows 2003 to gain greater privileges so the attacker can install code on the compromised machine and take control of it.
“It shows the very high sophistication of the people who identified these vulnerabilities and turned them into attacks,” he said. “It shows that they are highly technical to find vulnerabilities in different products and combine them into a reliable exploit.”
Attackers continue to use more sophisticated techniques to get around defensive technologies put in place by operating system vendors and software developers. Microsoft incorporates techniques such as data execution prevention (DEP) and address space layout randomisation (ASLR) to make exploitation of software flaws more difficult and less reliable.
A number of software developers, including Google and Adobe, have also incorporated sandboxing, which digitally cordons off suspicious code from the operating system. Yet, attackers have found ways to escape the sandbox and run code despite Microsoft’s mitigations.
The latest attack also comes as Microsoft prepares to end support for Windows XP in April 2014. While Windows XP is a dozen years old, it continues to account for 31 percent of operating systems in use today, according to Net Applications, a company that tracks the market share of various Internet technologies.
Microsoft has not yet issued a patch for the issue, but it advised that companies could make changes to eliminate the threat of the vulnerability on affected systems.
“These limited, targeted attacks require users to open a malicious PDF file,” Dustin Childs, a spokesperson for Microsoft’s Trustworthy Computing group, said in the blog post. “The issues described by the advisory cannot be used to gain access to a remote system alone.”
Adobe PDF files, Microsoft Office documents, and Oracle Java applets continue to be used by attackers to compromise systems in targeted attacks.
Originally published on eWeek.