You might want to be extra careful about what files you open in Word over the next few days: Attackers are exploiting a previously undisclosed vulnerability in Microsoft Office to sneak malware into your system.
The zero-day attack relies on infected Word documents that download malicious HTML applications (HTA files) disguised as Rich Text files. Once executed, the HTML application connects to a remote server and runs a custom script designed to stealthily install malware.
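A defender-side check that follows from the description above, added here as an example and not code from the article or from the researchers: the payload is an HTML application passed off as Rich Text, so a file should be classified by its actual bytes rather than by the extension it advertises. The marker strings and sample inputs are constructed for this example.

```python
# Added example: classify a file by content and flag a name/content mismatch.
# Real RTF files begin with the "{\rtf" control word; an HTA is HTML and carries
# tags such as <script> or <hta:application> instead.
RTF_MAGIC = b"{\\rtf"
HTML_MARKERS = (b"<html", b"<script", b"<hta:application", b"<!doctype html")

def classify(data: bytes) -> str:
    """Return 'rtf', 'html' or 'unknown' from the bytes alone,
    ignoring any extension or Content-Type that was advertised."""
    if data.lstrip()[:8].startswith(RTF_MAGIC):
        return "rtf"
    lowered = data[:4096].lower()          # markers appear early in real files
    if any(marker in lowered for marker in HTML_MARKERS):
        return "html"
    return "unknown"

def is_disguised_hta(filename: str, data: bytes) -> bool:
    """True when the name claims .rtf but the content is HTML/HTA."""
    return filename.lower().endswith(".rtf") and classify(data) == "html"

# Constructed samples: a genuine RTF fragment and an HTA shell with no real script.
SAMPLE_RTF = b"{\\rtf1\\ansi Quarterly report}"
SAMPLE_HTA = (b"<html><head><HTA:APPLICATION id=\"x\"/>"
              b"<script language=\"VBScript\">' placeholder</script>"
              b"</head><body></body></html>")

if __name__ == "__main__":
    for name, blob in (("report.rtf", SAMPLE_RTF), ("invoice.rtf", SAMPLE_HTA)):
        print(name, classify(blob), "DISGUISED" if is_disguised_hta(name, blob) else "ok")
```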
What is particularly worrying is that, unlike regular macro attacks – which Office generally warns against when opening macro-enabled documents – this attack vector is much harder to guard against.
The vulnerability was first discovered by researchers at McAfee, who detailed the bug last Friday. Since then, fellow cybersecurity firm FireEye published another blog post about the same vulnerability, stating that it had been withholding disclosure until Microsoft had a chance to fix the glitch.
Both companies, however, indicate that the issue has to do with the Windows Object Linking and Embedding (OLE) function, which has been exploited on a number of occasions over the past few years.
The vulnerability affects all versions of Office, including the latest Office 2016 for Windows 10, according to the researchers.
Fortunately, a Microsoft spokesperson has confirmed the tech giant will eliminate the issue with the release of its upcoming monthly update… (that’s a relief).
Until then, McAfee advises users to only run Office in Protected View mode as well as to refrain from opening “any Office files obtained from untrusted locations.”
Update: Microsoft has since released a patch that eliminates the vulnerability. Make sure you update your Windows system to the latest version to avoid the risk of getting hacked.
via ZDNet