Back in November, it was reported that a zero-day security vulnerability was present in Microsoft Windows XP and Server 2003 systems that could allow someone to unauthorizedly install programs, modify or delete data, and create accounts with full administrative rights. Microsoft released a statement addressing the issue, saying that they would "take appropriate action to help protect customers. However, recent information has revealed that the vulnerability was used in a targeted attack on the server systems of 28 embassies in a Middle Eastern capital city.
The vulnerability, which according to Microsoft only affects Windows XP and Server 2003 systems, was exploited as part of a targeted attack on embassies in the Middle Eastern region. The payload was distributed by means of a blank email, with a subject line and attachment name referencing the ongoing Syrian conflict so as to encourage users to open it. No details have arisen as to whether or not the exploit vitally affected any systems, but according to Japanese security software company Trend Micro, the attack is suggestive of "a level of organization and available resources beyond ordinary cybercriminals." The company also mentioned that the exploit was designed specifically to avoid detection, saying: "Apart from the targeting and the anti-analysis techniques, there does not appear to be other particularly unusual or unique behaviors in this attack. The anti-analysis techniques in the backdoor (detected as BKDR_TAVDIG.GUD) were designed to hide from or freeze debuggers, making analysis and attribution more difficult."
Microsoft has been contacted for comment.