[tfgg]

Is it me or is the linked article remarkably content free given the about of security babble it contains? The nice aspect of the Heartbleed branding was its simple and clear message, not having opaque sentences such as "Visibility into this campaign indicates targeting across the following domains" and self serving platitudes such as "As part of our normal cyber threat intelligence operations, iSIGHT Partners is tracking a growing drum beat of cyber espionage activity out of Russia."

edit: The meat of the vulnerability is in the "Working with Microsoft, we discovered the following" section, over halfway down the page.

[viraptor]

I guess it is actually about the context in this case, not about the issue itself. Exploits via outlook and office existed for a long time. This is hardly something new. Targeting a specific region / company / group of people, based on politics, without spamming everyone in the world with this vulnerability is a relatively new thing. It looks like they really did want to stay hidden for a long time.

[rasz_pl]

You wont get far spamming random people with PowerPoint vulnerability. It is entirely possible they simply targeted most likely PP users first.

[metafex]

It says basically nothing. It gives a CVE (for which no information is available) and says the exploit was used with PowerPoint documents, that's it.

[Igglyboo]

This might just be anti-microsoft bias but I think the thing here is that with a Windows vuln you can't see the source code so you really have no idea how severe the vuln is, the people who find it can simply make shit up with no one able to call them out other than Microsoft. Also maybe the average windows user will be less tech savy than a linux user and fall prey to scare tactics like these.

[guardian5x]

The "average windows user" will not even read this. Nevertheless there are many tech savvy windows users in absolute numbers.

[Igglyboo]

This is exactly the type of FUD story that cable news networks love to run.