Skip to main content

CSO, By Antone Gonsalves

Tucked within Microsoft's September patch release was a fix for a vulnerability that had been used this year in a sophisticated attack aimed at stealing U.S. military secrets.

A proof-of-concept (PoC) exploit for the XMLDOM vulnerability, which Microsoft labeled cve-2013-7331, was first released in April 2013. The PoC was then "re-repurposed and abused" in the February attack against the U.S. Veterans of Foreign Wars' website, Kurt Baumgartner, principal security researcher, Americas, for Kaspersky Lab, reported Thursday.

Experts believe the attackers were hoping to infect the computers of active military personnel visiting the site in order to eventually steal valuable information. The VFW has 1.4 million members, including 75,000 who are still active. Read more.

Microsoft Patch Fixed IE Flaw Used Against U.S. Military - CSO

Microsoft Patch Fixed IE Flaw Used Against U.S. Military - CSO
Kaspersky Logo