Hackers are Attacking Word Users with Microsoft Office Zero-Day Vulnerability


Microsoft Corporation (NASDAQ:MSFT) owners should be wary of Microsoft Word and of malware that targets those who use the software.

Additionally, the attackers bypassed any memory-based mitigations.

The bug in question allows a malicious Word document containing an OLE2link object to be executed even by a system running Windows 10.

Attackers have been exploiting an unpatched vulnerability in Microsoft Word for the past few months to compromise computers and infect them with malware.

Rival security firm FireEye on Saturday appeared to take credit for finding the bug in a blog post titled "Acknowledgement of Attacks Leveraging Microsoft Zero Day", in which it said it had worked with Microsoft for "several weeks" but disclosed the issue due to McAfee's blog.

The HTA file is masked as an RTF (Rich Text Format) document and is executed automatically. The file then gives the attacker full access to the victim's machine. "In the background, the malware has already been stealthily installed on the victim's system", McAfee said.

The root cause of the zero-day vulnerability is related to Windows Object Linking and Embedding (OLE), an important feature of Office. Since then, fellow cybersecurity firm FireEye published another blog about the same vulnerability, saying it had been withholding disclosure until Microsoft had a chance to fix the glitch. FireEye later decided to publish Saturday's blog post after McAfee disclosed vulnerability details.

Microsoft has, for almost a decade and a half, issued patches and updates on the second Tuesday of every month. These kinds of attacks typically affect only select individuals such as government contractors, government agencies, or other organizations that are attractive to nation-sponsored hackers.

The exploit works like this: The attacker gives an RTF file a .doc extension.
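A defender's triage check for the pattern described above (RTF content under a .doc name, carrying a linked OLE object), as an added example that is not from the original article or the vendors it cites. The function name, finding labels and sample bytes are constructed for illustration; `\object`, `\objautlink`, `\objupdate` and `\objdata` are standard RTF control words.

```python
import re

RTF_MAGIC = b"{\\rt"  # Word is lenient about the header, so match the prefix only
OLE2LINK_HEX = b"OLE2Link".hex().encode()  # class name as hex text inside \objdata

# Standard RTF control words for embedded/linked OLE objects.
CONTROL_WORDS = {
    "ole-object": rb"\\object(?![a-z])",
    "auto-link": rb"\\objautlink(?![a-z])",
    "auto-update": rb"\\objupdate(?![a-z])",
}

def triage(filename: str, data: bytes) -> list[str]:
    """Return findings for one attachment; an empty list means nothing flagged."""
    findings = []
    is_rtf = data.lstrip().startswith(RTF_MAGIC)
    if filename.lower().endswith(".doc") and is_rtf:
        findings.append("extension-mismatch")  # .doc name, RTF content
    if not is_rtf:
        return findings
    lowered = data.lower()
    for label, pattern in CONTROL_WORDS.items():
        if re.search(pattern, lowered):
            findings.append(label)
    # Hex in \objdata may be split by whitespace, so strip it before searching.
    if OLE2LINK_HEX in re.sub(rb"\s+", b"", lowered):
        findings.append("ole2link-class")
    return findings

# Constructed, inert samples (no real payload): assumptions for illustration.
SUSPECT = (b"{\\rtf1\\ansi{\\object\\objautlink\\objupdate"
           b"{\\*\\objdata 4f4c4532\r\n4c696e6b}}}")
BENIGN = b"{\\rtf1\\ansi Meeting notes}"

if __name__ == "__main__":
    print("invoice.doc ->", triage("invoice.doc", SUSPECT))
    print("notes.rtf   ->", triage("notes.rtf", BENIGN))
```

RTF saved under a .doc name also occurs legitimately, so these findings are signals for routing an attachment to closer inspection, not a verdict; heavier obfuscation of the RTF body can evade simple pattern matching.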

According to ZDNet, people should be careful of any Microsoft Word document that arrives in an e-mail, even from a well-known sender. Microsoft users are also advised to always ensure that Office Protected View is enabled. If you choose to open an attached Word document, extreme caution should be exercised before disabling Protected View.

A previously undiscovered exploit in Microsoft Word is being used to spread trojan software called Dridex.