Microsoft says that it’s already working on a full patch for the flaw

Nov 6, 2013 12:17 GMT  ·  By

The zero-day flaw in Windows and Office has apparently been used by hackers in attacks aimed at Pakistani targets, including military and intelligence service computers.

Security company AlienVault Labs writes that it found evidence that the zero-day flaw Microsoft confirmed this morning had been used in attempts to compromise computers operated by the Pakistani government, as part of a larger campaign that targeted several organizations in the country.

“Based on the victim information we could retrieve from the C&C server we can confirm that most of the IP addresses communicating with the C&C server are based in Pakistan,” Jaime Blasco, head of AlienVault Labs, said on the company’s blog.

“We can confirm that the downloader is based on the Deksila downloader, not only because it generates similar HTTP traffic but also because of the way it retrieves information from the system and even the raw strings from both payloads.”

The attacks were delivered by email: each message carried a specially crafted Word document with an embedded, malformed TIFF image that triggers a flaw in the TIFF image parser shipped with Windows Vista and Microsoft Office. No macro or external download is needed for the initial exploit; the image is processed as soon as the document is rendered.
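As an added example (not code from the article, AlienVault or Microsoft), the following Python script triages Word attachments for the delivery vector described above: it walks the OOXML (.docx) zip container, identifies every member that is really a TIFF by its header rather than its file extension, and flags headers whose first IFD offset points outside the file. The container layout is assumed to be the standard Word zip format, and the two sample documents are constructed inline so the script runs offline; it only detects the presence of TIFF data and does not parse the image further.

```python
"""
Triage check for Word (OOXML .docx) attachments that embed TIFF images.
Added example, not from the article or from AlienVault/Microsoft. It flags
TIFF data inside the document by magic bytes and sanity-checks the header;
it does not decode the image or detect a specific exploit.
"""
import io
import struct
import zipfile

# A TIFF starts with a byte-order mark ("II" little-endian or "MM" big-endian)
# followed by the magic number 42 encoded in that byte order.
TIFF_MAGIC = {b"II*\x00": "<", b"MM\x00*": ">"}


def tiff_info(data: bytes):
    """Return (byte_order, first_ifd_offset) if data is a TIFF, else None."""
    if len(data) < 8:
        return None
    order = TIFF_MAGIC.get(data[:4])
    if order is None:
        return None
    (ifd_offset,) = struct.unpack(order + "I", data[4:8])
    return order, ifd_offset


def scan_docx(blob: bytes):
    """
    List every zip member of an OOXML document whose content is a TIFF,
    regardless of extension (renamed media is common in malicious documents).
    Returns (member_name, byte_order, ifd_offset, suspicious) tuples, where
    suspicious is True when the first IFD offset lies outside the file.
    """
    hits = []
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for name in zf.namelist():
            if name.endswith("/"):
                continue
            data = zf.read(name)
            info = tiff_info(data)
            if info is None:
                continue
            order, ifd_offset = info
            # A valid IFD needs at least its 2-byte entry count inside the file.
            suspicious = ifd_offset < 8 or ifd_offset + 2 > len(data)
            hits.append((name, order, ifd_offset, suspicious))
    return hits


def build_sample_docx(image_bytes: bytes, media_name: str) -> bytes:
    """Build a minimal .docx-like zip for offline testing (constructed sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr(media_name, image_bytes)
    return buf.getvalue()


# Constructed samples (assumptions for the demo, not real attack files):
# a well-formed little-endian TIFF header whose IFD sits at offset 8, and a
# big-endian header whose IFD offset points far past the end of the data.
GOOD_TIFF = b"II*\x00" + struct.pack("<I", 8) + struct.pack("<H", 0) + b"\x00" * 8
BAD_TIFF = b"MM\x00*" + struct.pack(">I", 0x7FFFFFF0) + b"\x00" * 8

if __name__ == "__main__":
    samples = (
        ("benign", build_sample_docx(GOOD_TIFF, "word/media/image1.tiff")),
        ("renamed", build_sample_docx(BAD_TIFF, "word/media/image1.jpg")),
    )
    for label, blob in samples:
        for name, order, off, sus in scan_docx(blob):
            print(f"{label}: {name} TIFF order={order!r} ifd=0x{off:x} suspicious={sus}")
```

Run the script against a directory of quarantined attachments and route anything with a TIFF member, suspicious or not, to a sandbox; the extension check matters because the media name inside the zip is attacker-controlled.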

Redmond explained that a successful attack gives the hackers the same privileges as the logged-on user. In practice that means full control of the machine whenever that user has administrative rights, which is why running Office under a standard (non-administrator) account limits the damage such an exploit can do.

“The exploit requires user interaction as the attack is disguised as an email requesting potential targets to open a specially crafted Word attachment. If the attachment is opened or previewed, it attempts to exploit the vulnerability using a malformed graphics image embedded in the document. An attacker who successfully exploited the vulnerability could gain the same user rights as the logged on user,” Microsoft said in a statement.

The company said that it was still working on a patch, but in the meantime it released a Fix It tool that disables the TIFF codec, closing this exploitation path at the cost of TIFF images no longer rendering in the affected applications. Microsoft added that most attacks had been spotted in the Middle East and South Asia.