Published: Thu, April 13, 2017
Industry | By Faith Ward

Spam email virus hijacking Microsoft Word attachments: Fix expected on Tuesday


Microsoft on Tuesday patched a previously undisclosed Word zero-day vulnerability that attackers used to install a variety of malware on victims' computers.

In a blog post, McAfee explains: "The exploit connects to a remote server (controlled by the attacker), downloads a file that contains HTML application content, and executes it as an .hta file". It even shows a fake Word document to hide the attack from the victim.

Several research groups say the bug was being exploited as early as January to remotely install an espionage spy program created by FinSpy, which is associated with the Germany- and UK-based "lawful intercept" firm Gamma Group, which sells nearly exclusively to nation-state hackers.

This time the vulnerability doesn't require macros to be enabled, and this is the first campaign of its kind to use the newly disclosed Microsoft zero-day. Until you get a patch, McAfee advises users to enable Office Protected View mode and, of course, not to open any Office files from untrusted sources.

Finally, a remote code execution vulnerability has been fixed in the Microsoft .NET Framework.

Microsoft has said they will patch the flaw today.

The firm recently detected suspicious Word documents packaged as .rtf files, which, when executed, drop the malicious payload.


A security flaw in Microsoft Office has been used in criminal operations as well as espionage operations against Russian-speaking targets since January, according to a report from the security firm FireEye.

Always beware of phishing emails and spam, and avoid clicking malicious attachments.

Fortunately, a Microsoft spokesperson has confirmed the tech giant will eliminate the issue with the release of its upcoming monthly update later on Tuesday, April 11.

The attack involves a threat actor emailing a Microsoft Word document to a targeted user with an embedded OLE2link object. Such elevation-of-privilege vulnerabilities are typically exploited along with an additional attack exploiting a separate bug so the attack chain can bypass a security sandbox or similar security protections.
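A defender can triage .rtf attachments for the pattern described above, an embedded OLE2Link object that points at a remote URL. The following is an added example, not code from McAfee, FireEye or Microsoft; the function names, the constructed sample and the `example.invalid` URL are assumptions, and `\objautlink` and `\objupdate` are RTF control words not named in the article.

```python
import re

OBJDATA = re.compile(rb"\\objdata([^}]*)")           # hex-encoded embedded object data
WIDE_STR = re.compile(rb"(?:[\x20-\x7e]\x00){8,}")   # runs of UTF-16LE printable text
URL = re.compile(r"https?://[\x21-\x7e]+", re.I)


def triage_rtf(data: bytes) -> dict:
    """Flag RTF content that embeds an OLE2Link object referencing a remote URL."""
    report = {
        # Word tolerates truncated headers, so match "{\rt" rather than "{\rtf1".
        "is_rtf": data.lstrip()[:4].lower() == b"{\\rt",
        # Control words that make Word refresh a linked object without a click.
        "auto_update": b"\\objupdate" in data or b"\\objautlink" in data,
        "ole2link": False,
        "urls": [],
    }
    for match in OBJDATA.finditer(data):
        # Keep only hex digits; obfuscated files need a full RTF parser instead.
        hex_only = re.sub(rb"[^0-9A-Fa-f]", b"", match.group(1))
        blob = bytes.fromhex(hex_only[: len(hex_only) // 2 * 2].decode("ascii"))
        if b"ole2link" in blob.lower():
            report["ole2link"] = True
        for run in WIDE_STR.finditer(blob):
            report["urls"] += URL.findall(run.group().decode("utf-16-le"))
    report["suspicious"] = (
        report["is_rtf"] and report["ole2link"] and bool(report["urls"])
    )
    return report


def constructed_sample() -> bytes:
    # Constructed test input: a class-name string and a placeholder URL only,
    # not a functional OLE object.
    payload = b"OLE2Link\x00" + "http://example.invalid/a".encode("utf-16-le") + b"\x00\x00"
    return (b"{\\rtf1{\\object\\objautlink\\objupdate{\\*\\objdata "
            + payload.hex().encode("ascii") + b"}}}")


BENIGN = b"{\\rtf1\\ansi Hello, world.}"  # constructed benign document

if __name__ == "__main__":
    for name, doc in (("constructed", constructed_sample()), ("benign", BENIGN)):
        print(name, triage_rtf(doc))
```

A hit is a reason to quarantine the attachment and review the extracted URL, not proof of malice; the file extension of the URL is not checked because the server decides how the response is handled.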

Everyone should ensure that Office Protected View is enabled, as according to McAfee's tests this active attack cannot bypass Office Protected View.

Within Trust Center, a GPO that uses File Block can be enabled to block .rtf files, not even allowing them to be opened in "Protected View".

But FireEye believes these attacks only began after the McAfee blog post and that the attackers likely reverse engineered the vulnerability from the blog post.
