Published: Thu, April 13, 2017
Industry | By Faith Ward

Spam email virus hijacking Microsoft Word attachments: Fix expected on Tuesday

Microsoft on Tuesday patched a previously undisclosed Word zero-day vulnerability that attackers used to install a variety of malware on victims' computers.

In a blog post, McAfee explains: "The exploit connects to a remote server (controlled by the attacker), downloads a file that contains HTML application content, and executes it as an .hta file." It even shows a fake Word document to hide the attack from the victim.

Several research groups say the bug was being exploited as early as January to remotely install a spy program for carrying out espionage created by FinSpy, which is associated with the Germany- and UK-based "lawful intercept" firm Gamma Group, which sells nearly exclusively to nation-state hackers.

This time the vulnerability doesn't require macros to be enabled - the first campaign of its kind to use the newly-disclosed Microsoft zero-day. Until you get a patch, McAfee advises users to enable Office Protected View mode and, of course, not to open any Office files from untrusted sources.

Finally, a remote code execution vulnerability has been fixed in the Microsoft .NET Framework.

Microsoft has said they will patch the flaw today.

The firm recently detected suspicious Word documents packaged as .rtf files, which, when executed, drop the malicious payload.

A security flaw in Microsoft Office was used in criminal operations as well as espionage operations against Russian-speaking targets since January, according to a report from the security firm FireEye.

Always beware of phishing emails and spam, and avoid clicking malicious attachments.

Fortunately, a Microsoft spokesperson has confirmed the tech giant will eliminate the issue with the release of its upcoming monthly update later on Tuesday, April 11.

The attack involves a threat actor emailing a Microsoft Word document to a targeted user with an embedded OLE2link object. Such elevation-of-privilege vulnerabilities are typically exploited along with an additional attack exploiting a separate bug so the attack chain can bypass a security sandbox or similar security protections.
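A mail gateway or analyst can triage attachments for the embedded OLE2link object described above. The following is an added example, not code from McAfee, FireEye or Microsoft: the control words are taken from the RTF specification, and the function names, heuristics and both sample documents are constructed for illustration.

```python
import re

# Control words below come from the RTF specification, not from the article.
LINK_WORDS = (b"\\objautlink", b"\\objlink")  # object is linked, not embedded
AUTO_UPDATE = b"\\objupdate"                  # link refreshed when the file opens
OBJDATA = re.compile(rb"\\objdata\b([^{}\\]*)", re.I)  # hex up to next group/control
URL = re.compile(rb"https?://[\x21-\x7e]+")


def decode_objdata(blob: bytes) -> bytes:
    """Hex-decode an \\objdata payload, skipping whitespace between digits."""
    digits = re.sub(rb"[^0-9A-Fa-f]", b"", blob)
    return bytes.fromhex(digits[: len(digits) & ~1].decode("ascii"))


def triage_rtf(data: bytes) -> dict:
    """Heuristic triage of one attachment; a hit means 'inspect', not 'malicious'."""
    low = data.lower()
    # Check content, not the extension: RTF is often delivered named .doc.
    is_rtf = low.lstrip()[:4] == b"{\\rt"
    payloads = [decode_objdata(m.group(1)) for m in OBJDATA.finditer(data)]
    # Strip NULs so UTF-16LE strings inside the OLE data match ASCII patterns.
    flat = [p.replace(b"\x00", b"") for p in payloads]
    ole2link = any(b"ole2link" in p.lower() for p in flat)
    urls = sorted({u.decode("ascii") for p in flat for u in URL.findall(p)})
    return {
        "is_rtf": is_rtf,
        "linked_object": any(w in low for w in LINK_WORDS),
        "auto_update": AUTO_UPDATE in low,
        "ole2link_class": ole2link,
        "urls": urls,
        "suspicious": is_rtf and ole2link,
    }


# Constructed, inert samples: the object data is only an ASCII class name and a
# UTF-16LE placeholder URL, not a valid OLE stream.
_OBJ = (b"OLE2Link\x00" + "http://files.example/a".encode("utf-16-le")).hex().encode()
SAMPLE_LINKED = (b"{\\rtf1\\ansi{\\object\\objautlink\\objupdate"
                 b"{\\*\\objclass Word.Document.8}{\\*\\objdata " + _OBJ + b"}}}")
SAMPLE_PLAIN = b"{\\rtf1\\ansi Hello, world.\\par}"

if __name__ == "__main__":
    for name, doc in (("linked", SAMPLE_LINKED), ("plain", SAMPLE_PLAIN)):
        print(name, triage_rtf(doc))
```

The `\objdata` pattern stops at the first nested group or control word, so files that scatter control words through the hex data need a full RTF parser before this check is applied.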

Everyone should ensure that Office Protected View is enabled since, according to McAfee's tests, this active attack cannot bypass Office Protected View.

Within Trust Center, enabling the GPO that uses File Block to block .rtf files prevents them from being opened at all, not even in "Protected View".

But FireEye believes these attacks only began after the McAfee blog post and that the attackers likely reverse engineered the vulnerability from the blog post.
