Today, Microsoft will deliver 9 security updates for its operating systems and products. Among them is a patch for a vulnerability that has already been used in a reported attack. iSight Partners, a cyber-intelligence security firm, uncovered the flaw and the hack. iSight's web site has been offline this morning for a few hours. There's no evidence that the company's servers have been taken down in retaliation, but one has to wonder.
The vulnerability was exploited by a Russian hacking group, dubbed "Sandworm Team" because of references to the sci-fi "Dune" series, allowing it to hack and spy on NATO. The group is rumored to be state sponsored, or at least working for the Russian government. Sandworm exploited the zero-day flaw by weaponizing a PowerPoint document: the Package OLE object was used to reference arbitrary external files, such as INF files, from untrusted sources.
Today, as part of its regular monthly patching process, Microsoft will release security bulletin MS14-060, which is aimed at closing the hole in the affected operating systems. The bug affects Windows desktop and server versions from Vista through 8.1 and from Server 2008 onward.
The vulnerability has been identified and known for only a short time, but disclosure of the problem was kept quiet while Microsoft developed a fix.