Microsoft had a chance to crush the SandWorm bug before it crawled out of the dunes, but botched the job, says HP.
HP says that the Windows Object Packager, which SandWorm attacks, “had suffered a similar issue in 2012 with security bulletin MS12-005.”
HP researcher Matt Oh goes on to write that he “found striking similarities” between the patch for SandWorm, MS14-064, and the previous patch. Another patch, MS14-060, also addressed the underlying problem SandWorm exploits.
“Both MS12-005 and MS14-060 add code to mark files unsafe by using a zone identifier,” he writes. “This pops up a warning dialog box on the user’s screen before binaries are executed. This provides additional protection for the user - any embedded object dropped in the temporary folder from Office documents should be treated as potentially dangerous.”
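
The zone-identifier marking Oh describes can be checked from the defender's side. The following is an added example, not code from HP or Microsoft: it parses the `Zone.Identifier` alternate data stream that Windows attaches to marked files and lists files that would run without the warning. The file names and stream contents are constructed, and treating ZoneId 3 (Internet) and above as the warning threshold is an assumption of this example.

```python
import configparser

# Assumption: ZoneId 3 (Internet) or higher triggers the pre-execution warning.
INTERNET_ZONE = 3


def parse_zone_id(stream_text):
    """Return the ZoneId from Zone.Identifier stream text, or None if absent/malformed."""
    if not stream_text:
        return None
    parser = configparser.ConfigParser(strict=False, interpolation=None)
    try:
        parser.read_string(stream_text.lstrip("\ufeff"))
        return parser.getint("ZoneTransfer", "ZoneId")
    except (configparser.Error, ValueError):
        return None


def read_zone_stream(path):
    """Read a file's Zone.Identifier alternate data stream (NTFS on Windows only)."""
    try:
        with open(path + ":Zone.Identifier", "r", encoding="utf-8", errors="replace") as fh:
            return fh.read()
    except OSError:
        return None  # no stream, or a filesystem without alternate data streams


def unmarked_files(paths, reader=read_zone_stream):
    """Return the paths that carry no usable zone mark and so would run unwarned."""
    flagged = []
    for path in paths:
        zone = parse_zone_id(reader(path))
        if zone is None or zone < INTERNET_ZONE:
            flagged.append(path)
    return flagged


# Constructed sample: hypothetical temp-folder files mapped to their stream contents.
SAMPLE = {
    r"C:\Temp\report.exe": "[ZoneTransfer]\r\nZoneId=3\r\n",
    r"C:\Temp\slides.inf": None,                           # no stream at all
    r"C:\Temp\update.exe": "[ZoneTransfer]\r\nZoneId=0\r\n",  # marked as local machine
    r"C:\Temp\notes.exe": "ZoneId=3\r\n",                  # malformed: no section header
}

if __name__ == "__main__":
    for path in unmarked_files(SAMPLE, reader=SAMPLE.get):
        print("no zone warning:", path)
```

On a Windows host, call `unmarked_files()` with real paths and the default reader to inspect files dropped into a temporary folder.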