Hackers are Attacking Word Users with Microsoft Office Zero-Day Vulnerability

A previously undiscovered exploit in Microsoft Word is being used to spread trojan software called Dridex.

Researchers at McAfee said that, unlike common Word document attacks, this flaw doesn't rely on macros to execute.

McAfee researcher Haifei Li said the attack works against Office 2016 on Windows 10 and earlier.

He explains that the vulnerability lies in the Windows Object Linking and Embedding (OLE) feature of Office. While FireEye has reportedly been communicating with Microsoft for several weeks about the vulnerability, it was disclosed for the first time publicly on Saturday by McAfee.

Details on the patch are available in this security advisory (CVE-2017-0199) from Microsoft, which also confirms McAfee's claim that an exploit is in the wild.

"Meanwhile we encourage customers to practise safe computing habits online, including exercising caution before opening unknown files and not downloading content from untrusted sources to avoid this type of issue". "The update addresses the vulnerability by correcting the way that Microsoft Office and WordPad parses specially crafted files, and by enabling API functionality in Windows that Microsoft Office and WordPad will leverage to resolve the identified issue".

The firm recently detected suspicious Word documents packaged as .rtf files, which, when executed, drop the malicious payload. The flaw allowed malicious Word files to contain code that would download malware while popping up a fake document to the user.
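For mail or file triage, the combination described above (RTF content carrying OLE objects) can be checked statically. The sketch below is an added example, not code from McAfee, FireEye or Microsoft; the function name, finding labels and sample bytes are constructed for illustration, and the control words are the OLE-related ones from the RTF specification.

```python
import re

# OLE-related control words defined by the RTF specification.
OLE_WORDS = re.compile(rb"\\(obj(?:ect|emb|link|autlink|update|data|class))(?![a-z])")


def triage_rtf(data: bytes, filename: str) -> dict:
    """Report whether a file is RTF by content and which OLE control words it carries."""
    # Decide by content, not by extension: Word opens RTF data saved under a .doc name.
    is_rtf = data.lstrip()[:4] == b"{\\rt"
    words = sorted({m.group(1).decode() for m in OLE_WORDS.finditer(data)}) if is_rtf else []
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    findings = []
    if is_rtf and ext != "rtf":
        findings.append(f"rtf-content-with-{ext or 'no'}-extension")
    if "object" in words:
        findings.append("ole-object")
    if {"objlink", "objautlink"} & set(words):
        findings.append("linked-ole-object")
    if "objupdate" in words:
        # \objupdate asks the reader to refresh the object before displaying it.
        findings.append("update-forced-on-display")
    return {"is_rtf": is_rtf, "control_words": words, "findings": findings}


# Constructed samples (not taken from any real document).
SAMPLE_WITH_OLE = (
    b"{\\rtf1\\ansi{\\object\\objautlink\\objupdate"
    b"{\\*\\objclass Word.Document.8}{\\*\\objdata 0105000002000000}}}"
)
SAMPLE_PLAIN = b"{\\rtf1\\ansi Quarterly report\\par}"
SAMPLE_NOT_RTF = b"PK\x03\x04 text mentioning \\object"

if __name__ == "__main__":
    for name, blob in [("invoice.doc", SAMPLE_WITH_OLE),
                       ("report.rtf", SAMPLE_PLAIN),
                       ("notes.docx", SAMPLE_NOT_RTF)]:
        print(name, triage_rtf(blob, name))
```

Plain keyword matching misses obfuscated control words, so a hit is a reason to route the file to closer inspection rather than a verdict, and a clean result is not proof of safety.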

A security flaw in Microsoft Office has been used in criminal operations as well as espionage operations against Russian-speaking targets since January, according to a report from the security firm FireEye. Because it is a zero-day, the vulnerability is not known to the public, only to the attackers who are exploiting it. As noted by our sister site, ZDNet, Microsoft is planning a patch for the vulnerability on Tuesday, April 11.

Disabling macros does not offer any protection against this flaw, but users are still advised to do so to protect themselves against other attacks.

Booby-trapped emails created to spread the cyber-pathogen have been sent to hundreds of thousands of recipients across numerous organisations, according to email security firm Proofpoint.

"We suggest everyone ensure that Office Protected View is enabled", said Li. The flaw is a logic bug, which gives attackers the power to bypass any memory-based mitigations developed by Microsoft. Their blog posting last week says they found the exploit on Thursday and published news of it Friday.
