Microsoft addressed the recently discovered zero-day vulnerability in Internet Explorer that also emerged from the Hacking Team leak. The said vulnerability, covered in MS15-065 and rated as ‘critical’, could allow attackers to take control of the system once successfully exploited. In addition, a proof-of-concept (PoC) code has been spotted by one of our threats researchers. All in all, Microsoft released a total of 14 security bulletins, 4 of which are tagged as ‘critical’ and the rest as ‘important’.
Adobe has also rolled out its security patches to fix the recent slew of Flash zero-day vulnerabilities that also came out of the Hacking team leak. Both Adobe Flash Player zero-day vulnerabilities assigned with CVE-2015-5122 and CVE-2015-5123 respectively can allow an attacker to take control of the affected system once successfully exploited. Our researchers are continuously monitoring any vulnerabilities and exploits that may arise from the whopping 440GB of leaked emails from Hacking team.
Oracle also joined the bandwagon and released its own security updates to fix the Java zero-day exploit(designated with CVE-2015-2590), which was the first in nearly two years. This zero-day exploit was used in the targeted attack campaign, Operation Pawn Storm that often hit military and defense contractors from the US and its allies among others. Oracle’s patch update also contains fixes to address the other 193 new vulnerabilities.