Kaspersky Lab’s Technology Proactively Blocks Attacks via Zero-Day Vulnerability in Microsoft Office
Woburn, MA – November 8, 2013 – Kaspersky Lab’s Automatic
Exploit Prevention (AEP) technology successfully blocks attacks via the recently
discovered system vulnerability in Microsoft Office software. Microsoft reported
knowledge of targeted attacks attempting to exploit this vulnerability.
On November 5, Microsoft issued a Security
Advisory notifying users of a system vulnerability that would allow successful
attackers to gain the same access rights as the current user. This
vulnerability affects Microsoft Windows, Microsoft Lync, and Microsoft Office. Given
the vast usage of affected programs, this software vulnerability put millions
of users around the world at risk.
Kaspersky Lab has confirmed that AEP has successfully blocked any
attempts to exploit this previously-unknown Microsoft software vulnerability, keeping
the company’s customers safe from targeted attacks and other emerging threats that
may have leveraged this weakness. By monitoring for unusual behavior, and not
simply relying on databases of malware that has already been detected,
Kaspersky Lab’s Automatic Exploit Prevention has once again
proved the value of its proactive protection.
“Behavior-based detection logic for this kind of exploitation was
implemented in Automatic Exploit Prevention technology almost a year ago. Based
on our research, which was conducted after the vulnerability was disclosed,
the first malicious attack attempts using this vulnerability happened as early as
July of this year. We think it is a significant achievement that our products
successfully protect our clients long before the public announcement of the existence
of the vulnerability,” said Nikita Shvetsov, Deputy CTO (Research) at Kaspersky Lab.
The vulnerability, recorded as CVE-2013-3906, is a remote code execution
vulnerability in the Microsoft Graphics system component. According to Microsoft:
“An attacker could exploit this vulnerability by convincing a user to
preview or open a specially crafted email message, open a specially crafted
file, or browse specially crafted web content. An attacker who successfully
exploited the vulnerability could gain the same user rights as the current user.”
In their advisory, Microsoft provides immediate suggestions for a
workaround solution which “does not
correct the underlying issue but would help block known attack vectors before a
security update is available.” The full fix for this vulnerability
is expected to be issued in Microsoft’s next batch of software update patches.
This situation is a perfect example of a “window of vulnerability,”
where a known vulnerability exists and is presumably being targeted by cybercriminals,
but the software company is unable to issue an immediate fix. Until the fix is
issued, an incalculable number of users around the world are vulnerable to cyberattacks.
Kaspersky Lab’s Advanced Protection from Software Flaws
For years, Kaspersky Lab experts have published research data about the growth of
software exploits, which are malicious programs that target
vulnerabilities in widely-used legitimate software. Vulnerabilities that have
been discovered by cybercriminals, but not by the software maker, are known as
Zero-Days. Recognizing this trend in cybercrime, Kaspersky Lab responded by
designing Automatic Exploit Prevention, a unique technology that was built
entirely by Kaspersky Lab’s internal team of experts.
Put simply, Automatic
Exploit Prevention monitors the system for behaviors commonly performed by
malicious exploits, and pays particular attention to commonly-targeted
software. This technology, which is now available in Kaspersky Lab’s B2B and
B2C security solutions, performs a number of different functions to block
exploits, including tracking the origin of software that is attempting to
launch, and monitoring the behavior of existing programs prior to running new
software. This proactive monitoring is combined with the use of Forced Address
Space Layout Randomization (ASLR), which randomizes the image base of a loaded or loading
module and prevents attacks from finding their target. For more information on
how Kaspersky Lab’s AEP technology works, please read our whitepaper.
Kaspersky Lab
Kaspersky Lab is the world’s largest privately held
vendor of endpoint protection solutions. The company is ranked among the
world’s top four vendors of security solutions for endpoint users*. Throughout
its more than 16-year history Kaspersky Lab has remained an innovator in IT
security and provides effective digital security solutions for large
enterprises, SMBs and consumers. Kaspersky Lab, with its holding company
registered in the United Kingdom, currently operates in almost 200 countries
and territories across the globe, providing protection for over 300 million
users worldwide. Learn more at www.kaspersky.com.
* The company was rated fourth in the IDC rating Worldwide Endpoint Security Revenue by
Vendor, 2012. The rating was published in the IDC
report "Worldwide Endpoint Security 2013–2017 Forecast and 2012 Vendor
Shares" (IDC #242618, August 2013).
The report ranked software vendors according to earnings from sales of endpoint
security solutions in 2012.