Partner Article
Zero-Day Vulnerability in Microsoft Office – insight from Kaspersky Lab
On November 5, Microsoft issued a Security Advisory notifying users of a system vulnerability that would allow successful attackers to gain the same access rights as the current user. This vulnerability affects Microsoft Windows, Microsoft Lync, and Microsoft Office. Given the vast usage of affected programs, this software vulnerability put millions of users around the world at risk.
This situation is a perfect example of a “window of vulnerability,” where a known vulnerability exists and is presumably being targeted by cybercriminals, but the software company is unable to issue an immediate fix. Until the fix is issued, an incalculable number of users around the world are vulnerable to cyber-attacks.
Preventing attacks
Kaspersky Lab’s Automatic Exploit Prevention (AEP) technology successfully prevented attacks via the vulnerability by monitoring for unusual behavior rather than simply relying on databases of malware that has already been detected.
Automatic Exploit Prevention monitors the system for behaviour commonly performed by malicious exploits, and pays particular attention to commonly-targeted software. This technology performs a number of different functions to block exploits, including tracking the origin of software that is attempting to launch, and monitoring the behaviour of existing programs prior to running new software.
This proactive monitoring is combined with the use of Forced Address Space Layout Randomisation (ASLR), which randomises the image base of each loaded or loading module and prevents attacks from finding their target.
Quote from Kaspersky Lab
“Behaviour-based detection logic for this kind of exploitation was implemented in Automatic Exploit Prevention technology almost a year ago. Based on our research, which was conducted after the vulnerability was disclosed, first malicious attack attempts using this vulnerability happened as early as July of this year. We think it is a significant achievement that our products successfully protect our clients long before the public announcement of the existence of the vulnerability.” Nikita Shvetsov, Deputy CTO (Research) at Kaspersky Lab.
What’s next?
Kaspersky Lab’s researchers continue to pay close attention to software vulnerabilities and their impact on IT security. In October 2013, the company released a highly-detailed report on the evolution of exploits in Java software from 2012-2013. The report listed more than 160 Java vulnerabilities identified over the course of the year. These vulnerabilities were attacked by exploit malware more than 14 million times, including a then-unknown Zero-Day vulnerability that was used in the Icefog cyberespionage campaign.
This was posted in Bdaily's Members' News section by Alice Collins.