Microsoft on Tuesday patched several memory corruption vulnerabilities in Office, including one that had been exploited in the wild by a well-known advanced persistent threat (APT) actor.
Trend Micro reported earlier this week that the Russian threat group Pawn Storm (also known as APT28, Sednit, Fancy Bear, Sofacy and Tsar Team) had been leveraging an Oracle Java zero-day vulnerability in attacks against the armed forces of a NATO member country and defense organizations in the United States and Canada.
The Microsoft Office zero-day exploited by the threat actor is a heap corruption vulnerability triggered during processing of a malformed Microsoft Forms Image. The flaw affects Office 2013 SP1 and prior, and it can be exploited to execute arbitrary code via a specially crafted Office document.
iSIGHT Partners has been monitoring the APT actor’s activities, and the company believes that the group is actually behind the hacktivist group known as Cyber Caliphate, which attacked several companies, apparently in support of ISIS.