Adobe Flash Zero Day exploit targeting Microsoft Office users

Earlier this week Adobe issued a critical patch for a zero day exploit for Adobe Flash in addition to the 24 other vulnerabilities. The zero day exploit was in the wild and was already being used by the criminals to target users. Adobe claimed that all the versions including the latest version 21.0.0.226 on Windows, Macintosh, Linux and ChromeOS are affected by the exploit.

The exploit only seems to attack Microsoft Office, Windows and Flash users with the help of some form of phishing file or a link. The only way that the exploit can run for so long is the fact that it keeps on changing the exploit using Dynamic DNS domain.

As reported by TheRegister , Genwei Jiang, a senior security engineer from Singapore adds, “With this configuration, the attackers could disseminate their exploit via URL or email attachment.”

“Attackers had embedded the Flash exploit inside a Microsoft Office document, which they then hosted on their web server” says Jiang. He added that people who can not stop with using Flash on their system need to patch against this exploit along with patches for other vulnerabilities and should use Enhanced Mitigation Experience Toolkit (EMET) from Microsoft to counter the vulnerabilities in Flash.

The machines which are most at risk are the versions previous to Windows 10 which includes EMET in the operating system and the users running the previous versions must keep Flash updated.