A new exploit, reported by McAfee, uses trick Microsoft office files to install malware on a user’s machine and can bypass existing protection methods. According to the report, the attacks started in January and leverage a vulnerability that hadn’t yet been disclosed. The hack affects all versions of Office, the report noted, including the latest version of Office 2016 on Windows 10.
This exploit uses fake versions of Office files—like Word documents—to install malware on a victim’s computer.
The problem starts when a user is sent a fake Word document from the attacker. Once the user tries to open the file, a malicious HTML application is downloaded from the attacker’s server and is then executed as an .hta file (disguised as an RTF document), giving the hacker full code execution on the victim’s computer, the report noted.”… this is a logical bug, and gives the attackers the power to bypass any memory-based mitigations developed by Microsoft,” the McAfee report said.
Once the damage is done, a fake Word document is shown to the user, but at that point it is too late—malware is already installed on the machine. The vulnerability lies in the Windows Object Linking and Embedding (OLE) feature in office.
Microsoft is planning a patch for the vulnerability today – Tuesday, April 11.
it is important that users protect themselves.
1.”Do not open any Office files obtained from untrusted locations.”
2.”According to our tests, this active attack cannot bypass the Office Protected View, so we suggest everyone ensure that the Office Protected View is enabled.”
Malware continues to grow as a major security threat in the enterprise. Apple recently patched a mysterious malware known as proton, and other “invisible” forms of malware have recently been found in Windows Powershell and other testing tools.
Your internet history is now for sale.
Smartphone malware rises 400% in 2016, Nokia reports
