A team of hackers based in Russia dubbed the “Sandworm Team” has been exploiting a vulnerability in Windows, Windows Server 2008, and Windows Server 2012 in order to spy on multiple public and private institutions.
iSight, a security firm that is working in concert with Microsoft to track the hackers and plug such flaws, says that someone who uses the flaw to penetrate Windows has the ability to “remotely execute arbitrary code.”
iSight also said that anyone trying to take advantage of the flaw to compromise a system would “need a specifically crafted file and use social engineering methods (observed in this campaign) to convince a user to open it.”
Sandworm has used this flaw in Windows and Windows Server to hit the North Atlantic Treaty Organization, or NATO, along with government organizations based in Western Europe, parts of the Ukrainian government, energy companies in Poland, multiple European telecom firms, and academic organizations here at home as well.
To combat the group’s activities, Microsoft has released security updates designed to fix the flaw. Users with Automatic Update enabled on their Windows PCs will download all patches without any input on their part.
Digital Trends has contacted iSight to get more information on how to avoid any potential pitfalls associated with the flaw that the Sandworm Team has been exploiting. We’ll issue any updates if and when we obtain information from iSight.