Adobe and Windows Zero-day Exploits in the Wild

By Eric Noonan • May 16, 2016

The recent news of two new zero-day exploits affecting Windows and Adobe users was disconcerting for many.  The Windows bug is being exploited in the wild, so users should install the fix as soon as possible.  Catalogued as CVE-2016-0189, the vulnerability allows attackers to execute malicious code when a vulnerable computer visits a booby-trapped website.  According to Ars Technica and Symantec, many of the targeted attacks have been aimed at South Korean websites.  The vulnerability exists in the JScript and VBScript scripting engines and is exploited through Internet Explorer.  According to Symantec, the exploit may have been delivered through a link in a spear-phishing email, or through a compromised, legitimate website that redirected users to the exploit.  The landing page contained JavaScript code that profiled the visitor's computer before the exploit was served.  South Korea was severely impacted by this zero-day attack, in part because Internet Explorer remains heavily used there.  Attackers frequently target South Korean organizations to gain remote access to their computers, steal sensitive data, or even wipe hard drives.

The Adobe bug, CVE-2016-4117, is a Flash Player vulnerability that gives attackers the ability to remotely hijack machines and is also being exploited in the wild.  FireEye first reported the vulnerability on May 10.  It affects Flash Player on Windows, Mac, Linux, and Chrome OS.

In addition to these two zero-day exploits, over 100 organizations in North America fell victim last month to a tailored spear-phishing campaign aimed at the retail, restaurant, and hospitality industries.  The campaign sent emails carrying variations of a Microsoft Word document with embedded macros.  If the recipient enabled the macros, they downloaded and executed a malicious downloader called PUNCHBUGGY.  PUNCHBUGGY is a DLL that lets the attackers interact with compromised systems and move laterally across the environment.  In some intrusions the actor also used a previously unknown elevation-of-privilege (EoP) exploit and deployed a point-of-sale memory-scraping tool dubbed PUNCHTRACK by FireEye.  According to FireEye, in some victim environments, “the threat actor exploited a previously unknown elevation of privilege (EoP) vulnerability in Microsoft Windows to selectively gain SYSTEM privileges on a limited number of compromised machines.”
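The infection chain above only starts if a macro-bearing Word attachment reaches a user who enables it, so the cheapest control is to catch those attachments at the mail gateway. The following is an added example of that check, written for this page; it is not CyberSheath's or FireEye's tooling and the attachment names and file bodies in it are constructed, not samples from the campaign. It classifies an attachment by its content rather than its extension (a .docm renamed to .docx is still flagged): an OOXML package is flagged if it carries a vbaProject.bin part or declares a macro-enabled content type, and a legacy OLE2 .doc is flagged by a heuristic search for the UTF-16LE storage names ("Macros", "VBA") that an embedded VBA project leaves in the OLE directory. The OLE check is deliberately a heuristic; a full directory walk such as oletools' olevba is the authoritative test.

```python
import io
import zipfile

OLE_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"   # OLE2 compound file header (legacy .doc/.xls)
ZIP_MAGIC = b"PK\x03\x04"                          # OOXML (.docx/.docm/...) is a zip package
MACRO_CONTENT_TYPES = (
    b"application/vnd.ms-word.document.macroEnabled",
    b"application/vnd.ms-excel.sheet.macroEnabled",
    b"application/vnd.ms-powerpoint.presentation.macroEnabled",
    b"application/vnd.ms-office.vbaProject",
)
# Storage names a VBA project leaves in an OLE2 directory, stored as UTF-16LE.
# Heuristic: a text run containing "VBA" could also match; olevba does the real walk.
OLE_VBA_MARKERS = (
    ("Macros", "Macros".encode("utf-16-le")),
    ("VBA", "VBA".encode("utf-16-le")),
)


def classify(data: bytes) -> dict:
    """Classify one attachment body; the verdict depends on content only, never the name."""
    reasons = []
    if data.startswith(ZIP_MAGIC):
        fmt = "ooxml"
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = zf.namelist()
                vba_parts = [n for n in names if n.lower().endswith("vbaproject.bin")]
                if vba_parts:
                    reasons.append("VBA project part: " + ", ".join(vba_parts))
                if "[Content_Types].xml" in names:
                    ctypes = zf.read("[Content_Types].xml")
                    for ct in MACRO_CONTENT_TYPES:
                        if ct in ctypes:
                            reasons.append("macro-enabled content type " + ct.decode())
        except zipfile.BadZipFile:
            fmt = "ooxml-malformed"   # not a macro verdict, but a zip that lies about itself deserves review
    elif data.startswith(OLE_MAGIC):
        fmt = "ole2"
        for label, marker in OLE_VBA_MARKERS:
            if marker in data:
                reasons.append(f"OLE storage name '{label}' present")
    else:
        fmt = "other"
    return {"format": fmt, "has_macros": bool(reasons), "reasons": reasons}


def triage(attachments: dict) -> list:
    """Return the attachment names that should be quarantined for analyst review."""
    return [name for name, body in attachments.items() if classify(body)["has_macros"]]


# --- constructed sample inputs (assumed for this example; not real malware) ---

def _ooxml(with_vba: bool) -> bytes:
    """Build a minimal OOXML package; with_vba adds a VBA project part and content type."""
    ctypes = (b'<?xml version="1.0"?>'
              b'<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
              b'<Override PartName="/word/document.xml" ContentType="application/vnd.'
              + (b'ms-word.document.macroEnabled.main+xml"/>' if with_vba
                 else b'openxmlformats-officedocument.wordprocessingml.document.main+xml"/>'))
    if with_vba:
        ctypes += (b'<Override PartName="/word/vbaProject.bin" '
                   b'ContentType="application/vnd.ms-office.vbaProject"/>')
    ctypes += b"</Types>"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", ctypes)
        zf.writestr("word/document.xml", b"<w:document/>")
        if with_vba:
            zf.writestr("word/vbaProject.bin", OLE_MAGIC + b"\x00" * 64)  # placeholder, not a real project
    return buf.getvalue()


SAMPLE_ATTACHMENTS = {
    "Invoice_0516.docm": _ooxml(with_vba=True),
    "Invoice_0516.docx": _ooxml(with_vba=True),   # same macro content behind a benign-looking extension
    "Menu.docx": _ooxml(with_vba=False),
    "Reservation.doc": OLE_MAGIC + b"\x00" * 120 + "Macros".encode("utf-16-le") + b"\x00" * 8,
    "readme.txt": b"plain text, nothing to see",
}

if __name__ == "__main__":
    for name, body in SAMPLE_ATTACHMENTS.items():
        print(f"{name:20s} {classify(body)}")
    print("quarantine:", triage(SAMPLE_ATTACHMENTS))
```

Run as a script it prints the verdict for each constructed attachment and lists the three that carry macros. In a real gateway the quarantined files would go to a sandbox or to olevba for extraction of the actual macro source, where the download-and-execute behaviour described above (URLDownloadToFile, Shell, WScript.Shell and the like) becomes visible.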

Microsoft and Adobe have released patches for the vulnerabilities discussed here (CVE-2016-0189, CVE-2016-0167, CVE-2016-0168, and CVE-2016-4117).  If you haven’t downloaded and installed the recent fixes, please do so as soon as possible.

CyberSheath can help protect your assets.  Contact us to learn more about our thorough information security assessments and other security program development services.
