You might want to be extra careful about what files you open in Word over the next few days: Attackers are exploiting a previously undisclosed vulnerability in Microsoft Office to sneak malware into your system.
The zero-day bug fundamentally relies on infected Word documents, which then download malicious HTML applications disguised as make-belief Rich Text files. Once executed, the HTML application connects to a remote server and runs a custom script designed to stealthily install malware.
What is particularly worrying is that unlike regular macro hacks – which Office generally warns against when opening macro-enabled documents – the attack vector makes it difficult to prevent potential attacks.
The vulnerability was first discovered by researchers at McAfee, who detailed the bug in more detail last Friday. Since then, fellow cybersecurity firm FireEyepublished another blog about the same vulnerability, informing it had been withholding disclosure until Microsoft has had a chance to fix the glitch.
Both companies, however, indicate that the issue has to do with the Windows Object Linking and Embedding (OLE) function, which has been exploited on a number of occasions over the past few years.
The vulnerability affects all versions of Office, including the latest Office 2016 for Windows 10, according to the researchers.
Fortunately, a Microsoft spokesperson has confirmed the tech giant will eliminate the issue with the release of its upcoming monthly update… (that’s a relief).
Until then, McAfee advises users to only run Office in Protected View mode as well as to refrain from opening “any Office files obtained from untrusted locations.”
Update: Microsoft has since released a patch that eliminates the vulnerability. Make sure you update your Windows system to the latest version to avoid risk of getting hacked.
Latest posts by Peter Kivuti (see all)
- You need to pay attention to cyber security - April 7, 2019
- Banking Trojan Trickbot New Tricks - January 10, 2019
- Internet-facing endpoints are exposing businesses worldwide to a botnet which is now being used in targeted ransomware campaigns: Phorpiex worm - January 10, 2019