Rohit from TippingPoint advised us that he is seeing a large number of attacks from Russia using an unpatched vulnerability in the WMIObjectBroker ActiveX control. He is seeing it used as part of a drive-by download. Typically, the Trojan "Galopoper.A" is loaded.
There is no patch available at this point. TippingPoint and the Bleedingthreats project have signatures available to detect this attack. Rohit mentioned that there is a Metasploit module for this vulnerability.
Johannes, ISC Handler, Nov 8th 2006