Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Microsoft misses Windows bug, hackers slip past patch

Gregg Keizer | Oct. 23, 2014
Last week's security update 'not robust enough,' say researchers who co-reported flaw.

Symantec also claimed that there was evidence that at least two hacker groups were exploiting the zero day: The gang dubbed "Sandworm," allegedly based in Russia, and another named "Taidoor," which has previously targeted Taiwanese businesses and government agencies.

Both CVE-2014-4114 and the latest vulnerability -- which is tagged CVE-2014-6352 -- may have been recent discoveries by the criminals, as the former was first seen exploited in August while the latter popped up on Symantec's radar last month.

In its advisory, Microsoft recommended that customers apply an automated "Fixit" tool to block known attacks, and if necessary, take other steps, including using EMET 5.0 (Enhanced Mitigation Experience Toolkit) to harden PowerPoint's defenses.


Previous Page  1  2 

Sign up for CIO Asia eNewsletters.