Vulnerabilities, particularly zero-days, are often used by threat actors as the starting point for targeted attacks. This was certainly the case for a (then) zero-day vulnerability (CVE-2014-1761) affecting Microsoft Word. In its security advisory released last March, Microsoft itself acknowledged that the vulnerability was being used in “limited, targeted attacks.” Microsoft has since patched this vulnerability as part of its April Patch Tuesday.
However, the existence of a patch has not deterred threat actors from exploiting this vulnerability. We are still seeing targeted attacks that leverage this particular vulnerability as part of their campaigns.
The Taidoor Connection
more here.........http://blog.trendmicro.com/trendlabs-security-intelligence/targeted-attack-against-taiwanese-agencies-used-recent-microsoft-word-zero-day/
However, the existence of a patch has not deterred threat actors from exploiting this vulnerability. We are still seeing targeted attacks that leverage this particular vulnerability as part of their campaigns.
The Taidoor Connection
more here.........http://blog.trendmicro.com/trendlabs-security-intelligence/targeted-attack-against-taiwanese-agencies-used-recent-microsoft-word-zero-day/