Hackers Use Microsoft Word Bug To Install Malware On Your PC!

Posted April 13, 2017

Speaking on the Proofpoint website, a security analyst said: 'This is the first campaign we have observed that leverages the newly disclosed Microsoft zero-day.

The top priority this month should be given to the Microsoft Office security update because one of the fixed flaws has been actively exploited by attackers since January to infect computers with malware.

When the rogue documents used in this attack are opened, they reach out to an external server and download an HTA (HTML Application) file that contains malicious VBScript code. He said the Microsoft patch should automatically update tomorrow on computers running Windows versions 7, 8 and 10.

Both companies, however, indicate that the issue has to do with the Windows Object Linking and Embedding (OLE) function, which has been exploited on a number of occasions over the past few years. As such, attackers are said to be already exploiting this new Microsoft Word vulnerability.

Microsoft has issued a patch for this vulnerability, the details of which were reported by iTWire on Sunday.

Microsoft is likely to release a security update along with its next batch of updates, scheduled for Tuesday this week.

Myles Garrett Refuses to Appear on ESPN's Mike & Mike
Garrett has been the consensus prediction and rated by many scouts as the best overall player regardless of position. He even sticks with the popular mindset that the Browns will go with Myles Garrett at No. 1 overall.

McAfee told users not to open any Office files obtained from untrusted sources, especially from emails. Microsoft is now working on an official fix for the vulnerability. It allows applications to embed and link to documents and objects.

The researchers of McAfee said: "The successful feat closes the bait Word document, and shows a fake one to show the victim". Such elevation-of-privilege vulnerabilities are typically exploited along with an additional attack exploiting a separate bug so the attack chain can bypass a security sandbox or similar security protections. He suggested that users enable Office Protected View.

"[The vulnerability] was addressed in the April security update released on April 11, 2017". Due to the it being a logical bug, it can also navigate around any memory-based mitigations.

According to cyber-security firm Proofpoint, who discovered the Dridex spam campaign delivering Word documents weaponized with this zero-day, the spam wave consisting of millions of emails targeted mainly Australia.

Everyone should ensure that Office Protected View is enabled, as according to McAfee's tests this active attack can not bypass the Office Protected View. Their blog posting last week says they found the exploit on Thursday and published news of it Friday.