Reports have implicated a sophisticated piece of malware known as Regin that has been in use for years. Designed to carry out long-term stealthy surveillance on would-be victims, telecom companies are believed to have been its primary targets.
Microsoft has released an out-of-band security bulletin (MS14-068) that addresses a vulnerability in various versions of Windows, stating that the vulnerability is already being used in “limited, targeted attacks”.
For many organizations, the question is no longer if they fall victim to a targeted attack, but when. In such an event, how an organization responds will determine whether it becomes a serious event or if it stays a mere annoyance.
Microsoft released 16 security updates during its Patch Tuesday release for November 2014, including one for the Windows OLE Automation Array Remote Code Execution Vulnerability that affects almost all Windows versions.