Published: Wed, April 12, 2017
Sci-tech | By Jackie Newman

Microsoft Office vulnerability lets hackers use Word files to install malware

Microsoft Office vulnerability lets hackers use Word files to install malware

Two cybersecurity firms have uncovered vulnerabilities in Microsoft Office files that have allowed hackers to install malware through Word documents.

"The successful exploit closes the bait Word document and pops up a fake one to show the victim". This results in the download of a malicious.hta file (HTML Application executable) on the victim's machine.

As Ars reported Monday night, attackers are exploiting the flaw to infect unsuspecting Word users with bank-fraud malware known as Dridex. The vulnerability was traced to the Windows Object Linking and Embedding (OLE) component present in Office software that enables users to link to content in their documents. The attack was first detailed in a report from McAfee, which also offered steps that business users could take to protect themselves.

The advice of not opening files from the people you don't know is not really that helpful for employees working with scanned documents on a daily basis in a business environment, where they regularly have to open scanned documents and Word files from unknown (potential) business partners. "In the background, the malware has already been stealthily installed on the victim's system", McAfee said.

"We want to deal with this through an upgrade on Tuesday April 11, and customers that have upgrades empowered will be protected mechanically", said a Microsoft spokesman. The HTA file is disguised as an RTF (Rich Text Format) document and is automatically executed. Besides enforcing Protected View, the attack can be blocked by setting "Software\Microsoft\Office\15.0\Word\Security\FileBlock\RtfFiles to 2".

BC NDP promises to freeze BC Hydro rates
The poll also shows 17 per cent think Horgan is the most trustworthy. "This election is about a choice", it said. Pay the tolls at the Port Mann and Golden Ears bridges in Metro Vancouver, or pay them through taxes.

"After recent public disclosure by another company, this blog serves to acknowledge FireEye's awareness and coverage of these attacks". This activity has been going on for months and affects all versions of the MS Office package, including Office 2016 that also came with the Windows 10 Operating System.

McAfee told users not to open any Office files obtained from untrusted sources, especially from emails. McAfee traced the attacks all the way to late January.

The new vulnerability bug of Microsoft said to be a unsafe malware attack, according to McAfee anti-virus company.

Researchers have disclosed a previously unknown vulnerability in Microsoft Word that criminals have been exploiting in the wild. Today is Microsoft's Patch Tuesday for April, which means a patch could come in a cumulative update that should roll out today alongside the massive Windows 10 Creators Update rollout.

Like this: