Security company warns that at least 28 embassies have been targeted by attacks

Jan 8, 2014 08:39 GMT

Back in November, Microsoft officially confirmed a zero-day vulnerability in Windows XP and Windows Server 2003 that would allow an attacker to run malicious code on an unpatched system using just a malicious PDF document.

Even though Redmond said at that time that it was working on a patch, security company Trend Micro says that the flaw is currently being exploited in the Middle East, with at least 28 embassies being targeted by attacks containing malicious PDF documents.

Just like the original attacks, this new wave relies on the same procedure: a PDF document attached to emails regarding the Syrian conflict.

“Further research of this earlier attack has revealed that the exploit was deployed via email to at least 28 embassies in a Middle Eastern capital. The malicious payload arrived as an attachment to a blank email sent to the target embassies. The subject line of the email and the name of the attachment referred to the ongoing conflict in Syria, to induce its recipients to open the email,” Trend Micro wrote in a new blog post.

Even though Microsoft has yet to patch the vulnerability, up-to-date anti-virus software should detect the backdoor as BKDR_TAVDIG.GUD, so make sure you deploy the latest virus definitions for your security apps.

At this point, there are no details regarding the possible damage caused by the attacks, as it’s not yet clear if any embassy actually fell victim to the exploits.

“We are unable to draw any other conclusions. We do not know if the embassies were indeed affected by the malware mentioned or if there are other sets of targets, only that the samples received strongly suggest that the embassies were the intended recipients,” Trend Micro noted.

Microsoft hasn’t yet issued a statement on this, but the company is most likely still working on a fix, so expect more details to be provided soon.