Published: Thu, April 13, 2017
Hi-Tech | By Merle Christensen

Security Alert: Hackers Exploiting Microsoft Word To Infect Computers With Malware


FireEye researchers who discovered a bug in Word's Object Linking and Embedding technology were working with Microsoft, but were pre-empted by a disclosure from McAfee, as previously reported. Most software vulnerabilities give attackers user-level code execution capability.

An unpatched vulnerability in Microsoft Word is being exploited to deliver Dridex malware to millions of unsuspecting users.

Ars Technica reported that "the vulnerability is notable because it bypasses exploit mitigations built into Windows, doesn't require targets to enable macros, and works even against Windows 10, which is widely considered Microsoft's most secure operating system ever".

The attack is being used openly in the wild, and Microsoft has been aware of the issue for several weeks.

Microsoft is likely to release a security update along with its next batch of updates, scheduled for this Tuesday.

In the meantime, McAfee has warned users not to open Microsoft Office files obtained from untrusted sources.

Microsoft's Patch Tuesday release of fixes is due tomorrow. "The update addresses the vulnerability by correcting the way that Microsoft Office and WordPad parses specially crafted files, and by enabling API functionality in Windows that Microsoft Office and WordPad will leverage to resolve the identified issue".

The exploit connects to a remote server (controlled by the attacker), downloads a file that contains HTML application content, and executes it as an .hta file, according to a blog post by McAfee. OLE, which allows an application to embed other documents or objects, was used in 2014 by an advanced persistent threat group known as Sandworm to target government organizations and infrastructure providers in Europe and the North Atlantic Treaty Organisation.

He added that the successful exploit closes the bait Word document, and pops up a fake one to show the victim.
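
Defenders can look for the chain described above in endpoint process-creation logs. The following Python code is an added example, not code from McAfee, FireEye or Microsoft: it flags the Windows HTML Application host (mshta.exe) starting shortly after Word or WordPad on the same machine. The pipe-delimited log format, the 60-second window and the sample events are assumptions constructed for illustration.

```python
import ntpath
from datetime import datetime, timedelta

DOC_APPS = {"winword.exe", "wordpad.exe"}  # Word and WordPad executables
HTA_HOST = "mshta.exe"                     # Windows program that runs .hta content
WINDOW = timedelta(seconds=60)             # assumed correlation window

# Constructed events: time|host|image path|command line (not real telemetry).
SAMPLE_EVENTS = r"""
2017-04-11T09:00:01|PC-01|C:\Program Files\Microsoft Office\Office16\WINWORD.EXE|WINWORD.EXE invoice.doc
2017-04-11T09:00:04|PC-01|C:\Windows\System32\mshta.exe|mshta.exe
2017-04-11T09:15:00|PC-02|C:\Windows\System32\mshta.exe|mshta.exe C:\tools\inventory.hta
2017-04-11T10:30:00|PC-03|C:\Program Files\Windows NT\Accessories\wordpad.exe|wordpad.exe notes.rtf
2017-04-11T10:45:00|PC-03|C:\Windows\System32\mshta.exe|mshta.exe C:\tools\inventory.hta
"""


def parse(log_text):
    """Yield (time, host, lower-cased executable name, command line) per event."""
    for line in log_text.strip().splitlines():
        ts, host, image, cmd = line.split("|", 3)
        yield datetime.fromisoformat(ts), host, ntpath.basename(image).lower(), cmd


def find_hta_after_document(log_text, window=WINDOW):
    """Flag mshta.exe starts that follow a Word/WordPad start on the same host."""
    last_doc_start = {}  # host -> (time, app) of the most recent document app start
    alerts = []
    for ts, host, exe, cmd in sorted(parse(log_text)):
        if exe in DOC_APPS:
            last_doc_start[host] = (ts, exe)
        elif exe == HTA_HOST and host in last_doc_start:
            started, app = last_doc_start[host]
            if ts - started <= window:
                delay = int((ts - started).total_seconds())
                alerts.append({"host": host, "app": app, "delay_s": delay, "cmd": cmd})
    return alerts


if __name__ == "__main__":
    for alert in find_hta_after_document(SAMPLE_EVENTS):
        print(alert)
```

The time-window correlation does not depend on mshta.exe being a direct child of the document application, so it still applies when the HTA host is started by another Windows component.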

In a blog post, Proofpoint researchers said the vulnerability represents a "significant level of agility and innovation" for the developers of the Dridex banking Trojan, which traditionally spreads to Windows users via macro-based documents in email attachments. In a blog post, the anti-virus company also said that the risky malware attack is possible due to Microsoft's OLE (Object Linking and Embedding) technology, TNW has reported.

From the list, click Open in Protected View.

Once the file is open and the exploit runs successfully, Dridex botnet ID 7500 is installed on the user's PC and an attacker can begin hoovering up banking details.

Ryan Hanson, a researcher at security firm Optiv and the person Microsoft credited with reporting the critical bug, said exploits can execute malicious code even when a mitigation known as Protected View isn't disabled.
