Email-based attacks exploit unpatched vulnerability in Microsoft Word


However, a recent discovery by experts at FireEye and McAfee unveiled a critical zero-day vulnerability (an undiscovered security hole) that enables hackers to deliver malware without using macros. Once the document is opened, the exploit connects to a remote server and downloads a file containing an HTML application dressed up as a Microsoft document.

Researchers at McAfee, who first reported the discovery Friday, said that because the HTML application is executable, the attacker can run code on the affected computer while evading memory-based mitigations created to prevent these kinds of attacks.

Microsoft Office users should be wary of this zero-day exploit, which targets Word and arrives as a malicious document attached to an email.

The vulnerability comes from the Windows Object Linking and Embedding (OLE) feature, according to FireEye.

The attack cannot be activated if people open the documents in Office's Protected View, McAfee said.

The attack is being used openly in the wild, and Microsoft has been aware of the issue for several weeks. While Microsoft works on a patch, McAfee recommends not opening any Office files obtained from untrusted sources, and also enabling Office Protected View. The flaw is indexed as CVE-2017-0199, and Microsoft has now patched the zero-day vulnerability via a software update.
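
As an added example (not code from the article, McAfee or Microsoft), the following PowerShell audit reports whether Word's Protected View has been switched off for the current user. It assumes the per-user registry locations where Office stores its Protected View settings and that a Group Policy value, when present, takes precedence over the user's own setting.

```powershell
# Added example: report whether Word Protected View is switched off for the
# current user. In each value below, 1 means Protected View is DISABLED for
# that file source; an absent value means the default (enabled) applies.
$sources = [ordered]@{
    DisableInternetFilesInPV   = 'Files downloaded from the Internet'
    DisableAttachmentsInPV     = 'Outlook attachments'
    DisableUnsafeLocationsInPV = 'Files in potentially unsafe locations'
}
# 14.0 = Office 2010, 15.0 = Office 2013, 16.0 = Office 2016 and later
$versions = '14.0', '15.0', '16.0'

function Get-PvValue {
    param([string]$Root, [string]$Version, [string]$Name)
    $key = "$Root\$Version\Word\Security\ProtectedView"
    if (-not (Test-Path -Path $key)) { return $null }
    (Get-ItemProperty -Path $key -Name $Name -ErrorAction SilentlyContinue).$Name
}

$report = foreach ($version in $versions) {
    # Assumption: this key exists only if that Word version has run under this profile.
    if (-not (Test-Path -Path "HKCU:\Software\Microsoft\Office\$version\Word")) { continue }
    foreach ($name in $sources.Keys) {
        $policy = Get-PvValue 'HKCU:\Software\Policies\Microsoft\Office' $version $name
        $user   = Get-PvValue 'HKCU:\Software\Microsoft\Office' $version $name
        # A Group Policy value, when present, overrides the user's own setting.
        $effective = if ($null -ne $policy) { $policy } else { $user }
        [pscustomobject]@{
            OfficeVersion = $version
            FileSource    = $sources[$name]
            PolicyValue   = $policy
            UserValue     = $user
            ProtectedView = if ($effective -eq 1) { 'DISABLED' } else { 'enabled' }
        }
    }
}

$report | Format-Table -AutoSize
$exposed = @($report | Where-Object ProtectedView -eq 'DISABLED')
if ($exposed.Count -gt 0) {
    Write-Warning "$($exposed.Count) Protected View setting(s) are disabled; re-enable them in Word's Trust Center or via Group Policy."
}
```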


The malware can be disguised as important files or documents sent over email, meaning a student's homework or an office presentation could be harboring the next attack.

A security flaw in Microsoft Office has been used in criminal operations as well as espionage operations against Russian-speaking targets since January, according to a report from the security firm FireEye. An attacker who successfully exploited this vulnerability could take control of an affected system.

McAfee found that Microsoft's Office Protected View sandbox will prevent the attack from working.

The emails use spoofed email domains and attachments that pretend they are scanned documents to lure users into opening them.

"Thus, this is a logical bug, and gives the attackers the power to bypass any memory-based mitigations developed by Microsoft", said Haifei Li, senior vulnerability researcher at McAfee.

In a statement sent out to media outlets, a spokesman for the firm said: 'We plan to address this through an update on Tuesday April 11, and customers who have updates enabled will be protected automatically.'