Published: Thu, April 13, 2017
Industry | By Faith Ward

Spam email virus hijacking Microsoft Word attachments: Fix expected on Tuesday

On Tuesday, Microsoft patched a previously undisclosed Word zero-day vulnerability that attackers used to install a variety of malware on victims' computers.

In the blog post McAfee explains: "The exploit connects to a remote server (controlled by the attacker), downloads a file that contains HTML application content, and executes it as an .hta file". It even shows a fake Word document to hide the attack from the victim.

Several research groups say the bug was being exploited as early as January to remotely install an espionage spy program created by FinSpy, which is associated with the Germany- and UK-based "lawful intercept" firm Gamma Group, which sells nearly exclusively to nation-state hackers.

This time the vulnerability doesn't require macros to be enabled - the first campaign of its kind to use the newly-disclosed Microsoft zero-day. Until you get a patch, McAfee advises users to enable Office Protected View mode and, of course, not to open any Office files from untrusted sources.

Finally, a remote code execution vulnerability has been fixed in the Microsoft .NET Framework.

Microsoft has said they will patch the flaw today.

The firm recently detected suspicious Word documents packaged as .rtf files, which, when executed, drop the malicious payload.

A security flaw in Microsoft Office has been used since January in criminal operations as well as espionage operations against Russian-speaking targets, according to a report from the security firm FireEye.

Always beware of phishing emails and spam, and avoid clicking on malicious attachments.

Fortunately, a Microsoft spokesperson has confirmed the tech giant will eliminate the issue with the release of its upcoming monthly update later on Tuesday, April 11.

The attack involves a threat actor emailing a Microsoft Word document to a targeted user with an embedded OLE2link object. Such elevation-of-privilege vulnerabilities are typically exploited along with an additional attack exploiting a separate bug so the attack chain can bypass a security sandbox or similar security protections.

Everyone should ensure that Office Protected View is enabled, as according to McAfee's tests this active attack cannot bypass Office Protected View.

Within Trust Center, enabling the GPO that uses File Block blocks .rtf files and does not even allow them to be opened in "Protected View".
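For mail gateways or triage queues, the RTF documents with an embedded linked object described above can be flagged before they reach Word. The following is an added example, not code from McAfee, FireEye or Microsoft; the function name, the verdict labels and the extension check are assumptions, and the control words are taken from the public RTF specification.

```python
import re

# RTF is identified by its header, not by the file extension.
RTF_HEADER = re.compile(rb"^\s*\{\\rtf")

# Control words from the public RTF specification that mark an embedded
# object, a linked (not stored) object, and update-on-open behaviour.
CONTROL_WORDS = {
    "object": re.compile(rb"\\object(?![a-z])"),
    "linked": re.compile(rb"\\objautlink(?![a-z])"),
    "auto_update": re.compile(rb"\\objupdate(?![a-z])"),
}

def triage_attachment(filename: str, data: bytes) -> dict:
    """First-pass triage of one attachment (verdict policy is hypothetical)."""
    result = {"is_rtf": bool(RTF_HEADER.match(data[:64])), "disguised": False,
              "object": False, "linked": False, "auto_update": False,
              "verdict": "not-rtf"}
    if not result["is_rtf"]:
        return result
    # Assumption: RTF content under another extension deserves extra scrutiny,
    # because extension-based filters will not treat it as RTF.
    result["disguised"] = not filename.lower().endswith(".rtf")
    for name, pattern in CONTROL_WORDS.items():
        result[name] = bool(pattern.search(data))
    if result["object"] and result["linked"]:
        risky = result["auto_update"] or result["disguised"]
        result["verdict"] = "quarantine" if risky else "review"
    else:
        result["verdict"] = "no-linked-object"
    return result

# Constructed samples (not taken from any real campaign).
SAMPLE_LINKED = (rb"{\rtf1\ansi{\object\objautlink\objupdate"
                 rb"{\*\objclass Word.Document.8}{\*\objdata 0105}}}")
SAMPLE_LINK_ONLY = rb"{\rtf1{\object\objautlink{\*\objdata 00}}}"
SAMPLE_PLAIN = rb"{\rtf1\ansi Hello, world.\par}"
SAMPLE_DOCX = b"PK\x03\x04" + b"\x00" * 16

if __name__ == "__main__":
    for name, blob in [("invoice.doc", SAMPLE_LINKED), ("memo.rtf", SAMPLE_LINK_ONLY),
                       ("notes.rtf", SAMPLE_PLAIN), ("report.docx", SAMPLE_DOCX)]:
        print(name, triage_attachment(name, blob)["verdict"])
```

Plain pattern matching misses RTF that has been obfuscated, so this is a filter to run in front of Protected View and File Block, not a replacement for them.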

But FireEye believes these attacks only began after the McAfee blog post, and that the attackers likely reverse engineered the vulnerability from the blog post.
