A Microsoft Office vulnerability patched six months ago continues to be a valuable tool for APT gangs operating primarily in Southeast Asia and the Far East.
Researchers at Kaspersky Lab today published a report describing how attackers continue to flourish by exploiting CVE-2015-2545, a remote code execution vulnerability in which an attacker embeds in an Office document a crafted EPS image file designed to bypass memory protections on Windows systems.
Exploits have been used primarily to gain an initial foothold on targeted systems. Those targets are largely government and diplomatic agencies and individuals in India and Asia, as well as satellite offices of those agencies in Europe and elsewhere.
The Office flaw was patched in September in MS15-099 and updated again in November. Yet APT groups seem to be capitalizing on lax patching inside these high-profile organizations to carry out espionage. Some criminal organizations have also used exploits against this flaw, in particular against financial organizations in Asia, Kaspersky researchers said in their report.