News

New MS Word Zero-Day Exploit Uses OLE to Bypass Security

Microsoft Word has been the target of malware for almost as long as it’s been around. Usually, it tries to take advantage of the built-in macro function, but not this time. Macro-files aren’t as effective as they used to be as a lot of apps run in sandboxes these days or the general system security will catch it. This new version that has appeared goes a different way.

The exploit is said to be working on pretty much any version of Word running on any Windows version, even on Windows 10 that has the best protection according to security experts.

The attack starts with an e-mail that attaches a malicious Word document, according to a blog post published Saturday by researchers from security firm FireEye. Once opened, the exploit code concealed inside the document connects to an attacker-controlled server. It downloads a malicious HTML application file that’s disguised to look like a document created in Microsoft’s Rich Text Format. Behind the scenes, the .hta file downloads additional payloads from “different well-known malware families.” Last, before terminating, the exploit opens a decoy Word document in an attempt to hide any sign of the attack that just happened. By using this method, it bypasses most exploit mitigations.

The root cause of the zero-day vulnerability is related to the Windows Object Linking and Embedding (OLE), an important feature of Office.

FireEye has already been communicating with Microsoft for weeks about the issue, but they had agreed not to publish any details until a patch was in place. But, McAfee disclosed vulnerability details and said that it was aware of attacks dating back to January, so they came forward with their information too.

The attacks observed by McAfee are unable to work when a booby-trapped document is viewed in an Office feature known as Protected View, but you should stay vigilant and be suspicious of any word document you receive in your email inbox.

Bohs Hansen

Disqus Comments Loading...

Recent Posts

Twitch Now Banning All Content Focusing On Intimate Body Parts

As by now, I'm sure you are aware Twitch has decided to go ahead and…

5 hours ago

Seconds Patch of “Operation Medic Bag” For Payday 3 Released

I doubt many of you have been keeping up with Payday 3 which is understandable…

6 hours ago

MSI Announces SPATIUM M580 FROZR With A Huge Cooler

Today MSI has announced a new Gen 5 SSD, the SPATIUM M580 FROZR which comes…

6 hours ago

LENRUE PC Speakers, USB/USB-C Powered Computer Speakers with Loud Stereo Sound

Stereo and Noiseless - Without any noise! After multiple debugging, suppress static. Become clearer and…

7 hours ago

HP M27f Ultraslim Monitor 27 Inch

PICTURE-PERFECT IMMERSION – Work or play on a monitor that redefines high definition with its…

7 hours ago

Govee LED Light Bars, Smart WiFi RGBIC TV Backlight

Syncs With Your Music: With an internal high-sensitivity mic, Govee Flow Plus LED light bars…

7 hours ago