火眼twoforonefinal.pdfVIP

Two for One: Microsoft Office Encapsulated PostScript and Windows Privilege Escalation Zero-Days FireEye recently uncovered an attack exploiting two previously unknown vulnerabilities, one in Microsoft Office (CVE-2015-2545) and another in Windows (CVE-2015-2546). Both vulnerabilities are patched this Tuesday because of Microsoft’s immediate response. The attackers hid the exploit within a Microsoft Word document (.docx) that appeared to be a resume. The combination of these two exploits grant fully privileged remote code execution. FireEye products and services identify this activity