Security firm Trustwave has warned that a cyber-attack currently hitting systems on the Internet uses two vulnerabilities, one in Adobe Reader and another in Microsoft Windows.
According to its technical analysis of the attack, these vulnerabilities are being used to compromise Windows XP and 2003 systems and download code.
The attack, first detected by threat-protection firm FireEye in late November, uses a software flaw to escape from the security container, also known as the sandbox, which was implemented by Adobe to protect users of its software. A second part of the attack exploits a still-unpatched vulnerability in Windows XP and Windows 2003 to gain greater privileges so the attacker can install code on the compromised machine and take control of it.
“It shows the very high sophistication of the people who identified these vulnerabilities and turned them into attacks,” he said. “It shows that they are highly technical to find vulnerabilities in different products and combine them into a reliable exploit.”
Attackers continue to use more sophisticated techniques to get around defensive technologies put in place by operating system vendors and software developers. Microsoft incorporates techniques such as data execution prevention (DEP) and address space layout randomisation (ASLR) to make exploitation of software flaws more difficult and less reliable.
A number of software developers, including Google and Adobe, have also incorporated sandboxing, which digitally cordons off suspicious code from the operating system. Yet, attackers have found ways to escape the sandbox and run code despite Microsoft’s mitigations.
The latest attack also comes as Microsoft prepares to end support for Windows XP in April 2014. While Windows XP is a dozen years old, it continues to account for 31 percent of operating systems in use today, according to Net Applications, a company that tracks the market share of various Internet technologies.
Microsoft has not yet issued a patch for the issue, but the company advised that companies could make changes to eliminate the threat of the vulnerability on affected systems.
“These limited, targeted attacks require users to open a malicious PDF file,” Dustin Childs, a spokesperson for Microsoft’s Trustworthy Computing group, said in the blog post. “The issues described by the advisory cannot be used to gain access to a remote system alone.”
Adobe PDF files, Microsoft Office documents, and Oracle Java applets continue to be used by attackers to compromise systems in targeted attacks.
Originally published on eWeek.