Pawn Storm: First Java Zero-Day Attack in Two Years Targets NATO & US Defense Organizations
Overnight, Trend Micro’s research teams identified a new attack in the ongoing Pawn Storm campaign that is focused on high-profile, sensitive targets. The Trend Micro™ Smart Protection Network™ has enabled us to identify email messages targeting a NATO member as well as a US defense organization.
This latest Pawn Storm attack is also notable because it is being carried out using a new, unpatched vulnerability in Oracle’s Java, making this the first known zero-day attack against Java since 2013. The attack leverages a three-year-old vulnerability in Microsoft Windows Common Controls (CVE-2012-015), which is addressed in MS12-027.
Our researchers have reported this vulnerability to Oracle and are working with them to address it.