Failure to patch reaps rewards for hackers.
A group of hackers has managed to exploit a vulnerability in Microsoft Word to target government and educational institutes in Taiwan.
Microsoft had recently issued a security advisory regarding a serious vulnerability in its Word software and had immediately released a "fix-it" patch to protect users from attacks using the exploit. However, as with most updates, the users and institutions who failed to update their software and systems in a timely manner risked becoming victims of attacks from hackers.
Now, a major hacking operation known as "Taidoor", carried out against the Taiwanese government and educational institutes, has successfully exploited the Microsoft Word vulnerability, which was left unpatched on the target machines. The hackers have used malicious email attachments with relevant titles, such as national polls and free trade issues, to dupe employees into opening the content. The files downloaded to the computers are believed to be capable of stealing sensitive data and carrying out surveillance.
In the past, the "Taidoor" campaigners have used zero-day flaws in Microsoft's Internet Explorer browser for similar attacks. The operation has been active since 2009 and follows a similar pattern each time: vulnerabilities, social engineering, and targets that include government agencies.
The attack has once again shed light on the importance of installing updates and running the latest available versions of system software in situations where continuous unattended network interaction takes place.
Source: Tech Week