'Critical' Microsoft Office hack uses fake Word documents to install malware

Instead, the vulnerability is triggered when a victim opens a trick Word document, which downloads a malicious HTML application from a server, disguised to look like a Rich Text document file as a decoy. This results in the download of a malicious .hta file (HTML Application executable) onto the victim's machine.

The way this malware works is through a dummy Word file that is sent via email or downloaded from a certain website.

It added that the root cause of the zero-day vulnerability is related to the Windows OLE feature, which Microsoft Office takes advantage of.

Allen said that, because the security company tended to see vulnerabilities that were being actively exploited by hackers in the wild, vendors tended to be very responsive.

Microsoft has issued a patch for this vulnerability, the details of which were reported by iTWire on Sunday.

Microsoft moved swiftly on Tuesday to patch a potentially major security flaw in all current versions of its popular Office suite, used by 1.2 billion people. Also, Microsoft users are advised to always ensure that Office Protected View is enabled. Microsoft is now working on an official fix for the vulnerability. However, Microsoft is aware of the vulnerability and we can expect a patch in the near future.

The firm recently detected suspicious Word documents packaged as .rtf files, which, when executed, drop the malicious payload. OLE, which allows an application to embed other documents or objects, was used in 2014 by an advanced persistent threat group known as Sandworm to target government organizations and infrastructure providers in Europe and the North Atlantic Treaty Organisation. In this case, it's a Word document that contains an embedded exploit. Such elevation-of-privilege vulnerabilities are typically exploited along with an additional attack exploiting a separate bug so the attack chain can bypass a security sandbox or similar security protections.
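For mail-gateway or endpoint triage, the RTF-plus-OLE pattern described above can be flagged statically before a file ever reaches Word. The following is an added example, not code from the vendors quoted in this article; the sample byte strings are constructed, and the verdict names are assumptions chosen for illustration.

```python
import re

# Constructed sample inputs for illustration (not from any real document).
BENIGN_RTF = rb"{\rtf1\ansi Hello, world.\par}"
EMBEDDED_RTF = rb"{\rtf1{\object\objemb{\*\objdata 01050000}}}"
LINKED_RTF = (rb"{\rtf1\ansi{\object\objautlink\objupdate"
              rb"{\*\objdata 01050000}}}")
NOT_RTF = b"PK\x03\x04 constructed stand-in for a zipped .docx"

CONTROL_WORD = re.compile(rb"\\([a-z]+)")
LINK_WORDS = {b"objlink", b"objautlink"}  # object is linked rather than embedded


def triage_rtf(data: bytes) -> dict:
    """Heuristic triage of a file's bytes for RTF-borne OLE objects."""
    # Check content, not the extension: a file named .doc can still be RTF.
    # Only the short "{\rt" prefix is matched, since headers vary in practice.
    is_rtf = data.lstrip()[:4] == b"{\\rt"
    words = {m.group(1) for m in CONTROL_WORD.finditer(data)} if is_rtf else set()
    has_object = b"object" in words
    linked = has_object and bool(words & LINK_WORDS)
    auto_update = has_object and b"objupdate" in words
    if linked and auto_update:
        verdict = "quarantine"      # linked object that refreshes itself on open
    elif has_object:
        verdict = "review"          # OLE object present, needs a closer look
    elif is_rtf:
        verdict = "no-ole-object"
    else:
        verdict = "not-rtf"
    return {"is_rtf": is_rtf, "has_object": has_object, "linked": linked,
            "auto_update": auto_update, "verdict": verdict}


if __name__ == "__main__":
    for name, sample in [("benign", BENIGN_RTF), ("embedded", EMBEDDED_RTF),
                         ("linked", LINKED_RTF), ("zip", NOT_RTF)]:
        print(name, triage_rtf(sample)["verdict"])
```

This is a coarse filter: obfuscated RTF can hide control words from a simple regex, so a "no-ole-object" result does not replace patching or Protected View.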

Thus, this is an unsafe bug that gives the attackers the authority to bypass the personal data. In a blog post, the anti-virus company also said that the risky malware attack is possible due to Microsoft's OLE (Object Linking and Embedding) technology, TNW has reported.

Booby-trapped emails created to spread the cyber-pathogen have been sent to hundreds of thousands of recipients across numerous organisations, according to email security firm Proofpoint. Also, it is vital to ensure Protected View is enabled, as the attack cannot bypass the security feature.

In its bulletin, Microsoft said the security update resolves vulnerabilities in Microsoft Office that could allow remote code execution if a user opens a specially crafted Office file. However, some users find Protected View irritating and disable it. If the user opens the file, a Visual Basic script is run.