A Zero Day vulnerability patched earlier this month by Microsoft has been under attack since last summer, researchers said.
Microsoft fixed a boatload of vulnerabilities with the March patch updates, which included three flaws already undergoing exploitation.
One of the flaws, tracked as CVE-2017-0022, is an XML Core Services information disclosure vulnerability that can be exploited through Internet Explorer by getting the targeted user to click on a specially crafted link.
“An information vulnerability exists when Microsoft XML Core Services (MSXML) improperly handles objects in memory. Successful exploitation of the vulnerability could allow the attacker to test for the presence of files on disk,” Microsoft said in its advisory.
Trend Micro researchers found the security hole and reported it to Microsoft in September.
The Zero Day has been used in the AdGholas malvertising campaign since July 2016, and it was added to the Neutrino exploit kit in September 2016, Trend Micro researchers said.
“Successful exploitation of this vulnerability could allow a cybercriminal access to information on the files found in the user’s system,” said Trend Micro threat analysts Brooks Li and Henry Li. “In particular, the attacker would be able to detect if the system is using specific security solutions – especially ones that analyze malware.”
Trend Micro made a technical analysis of the vulnerability available.