Hackers are using malicious Word documents to exploit Microsoft zero-day vulnerability

Posted April 13, 2017

Microsoft is scheduled to release its monthly security updates on Tuesday, but it is not yet known whether a patch for this vulnerability will be included. Microsoft users are also advised to always ensure that Office Protected View is enabled.

He explains that the vulnerability lies in the Windows Object Linking and Embedding (OLE) feature of Office.

Security researchers at McAfee and FireEye have warned of a zero-day vulnerability in Microsoft Office applications - even on Windows 10 - that can be used to mount an attack on users with a simple MS Word document.

FireEye said this kind of disclosure to software vendors was standard operational procedure for them.

The document that triggers the OLE2Link vulnerability is an RTF document that masquerades as a Microsoft Word DOC file. The active attacks on three separate Microsoft products make that advice particularly important this month.
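The following Python check is an added example, not code from the article or from the vendors it quotes. It flags files that carry a Word extension but contain RTF, then looks for RTF link-object control words and the OLE2Link class string inside hex-encoded object data; the finding names, the sample document and the assumption that the object data is plain, unobfuscated hex are constructed for illustration.

```python
import re

RTF_MAGIC = b"{\\rtf"                      # standard RTF file signature
WORD_EXTS = (".doc", ".docx", ".dot")      # extensions an RTF body should not carry
OBJDATA_RE = re.compile(rb"\\objdata\s*([0-9A-Fa-f\s]+)")

# Constructed sample: an RTF body with a linked OLE object whose object data
# contains the class string "OLE2Link". It carries no exploit content.
SAMPLE_RTF = (
    b"{\\rtf1\\ansi{\\object\\objautlink\\objupdate"
    b"{\\*\\objdata " + b"OLE2Link\x00".hex().encode("ascii") + b"}}}"
)


def triage(filename, data):
    """Return a list of finding names (hypothetical labels) for one attachment."""
    findings = []
    if data.lstrip()[:5] != RTF_MAGIC:
        return findings                    # not RTF: outside the scope of this check
    if filename.lower().endswith(WORD_EXTS):
        findings.append("rtf-content-with-word-extension")
    if b"\\objautlink" in data:            # RTF control word: OLE autolink object
        findings.append("linked-ole-object")
    if b"\\objupdate" in data:             # RTF control word: update object on display
        findings.append("object-updates-on-open")
    for match in OBJDATA_RE.finditer(data):
        hexdigits = re.sub(rb"\s+", b"", match.group(1))
        hexdigits = hexdigits[: len(hexdigits) // 2 * 2]   # drop a dangling nibble
        blob = bytes.fromhex(hexdigits.decode("ascii"))
        if b"ole2link" in blob.lower():
            findings.append("ole2link-in-objdata")
            break
    return findings


if __name__ == "__main__":
    print(triage("invoice.doc", SAMPLE_RTF))
```

A mail gateway or triage queue could run this over attachments and route any file with findings to quarantine or manual review before a user opens it.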

What is particularly worrying is that unlike regular macro hacks - which Office generally warns against when opening macro-enabled documents - the attack vector makes it hard to prevent potential attacks.

A new spam email virus has been reported over the weekend involving Microsoft Word that can wipe out an entire computer system with no warning.


When contacted by eWEEK's Sean Michael Kerner, a Microsoft spokesperson said a patch was set to arrive on April 11. He said the collaboration went "back and forth ..."

An update addressing the flaw is anticipated in April's edition of Redmond's Patch Tuesday later today. Unknown vulnerabilities, often called zero days, are expensive. It's considered the ethical gold standard in security research or white-hat hacking.

A security company has found Australians were specifically targeted with malware that exploits a bug in Microsoft Word to steal users' banking details.

So why did McAfee go public right away? McAfee itself declined comment.

Hackers are taking advantage of a newly revealed Microsoft Word zero-day to mount a very large campaign infecting the systems of millions of recipients across numerous organisations. This form of attack vector has not previously been observed in the wild. "Irrespective of a patch being available, there may be workarounds or other ways to reduce your risk of being blind-sided".

Everyone should ensure that Office Protected View is enabled, as according to McAfee's tests this active attack cannot bypass the Office Protected View. "The more information that's disclosed, the easier it is" to replicate the exploit. Such elevation-of-privilege vulnerabilities are typically exploited along with an additional attack exploiting a separate bug so the attack chain can bypass a security sandbox or similar security protections.