Be Careful Of This Malicious Microsoft Office Zero Day Attack

By Donna Bellevue , Apr 10, 2017 05:48 AM EDT

Microsoft Office users should be careful of this zero-day exploit targeting Word documents by attaching a malicious document on their emails. Security researchers say that if left unchecked, this zero-day vulnerability can be used to quietly install different kinds of malware on your computer. A zero-day vulnerability refers to a flaw in the software that the manufacturing company does not know, giving opportunities for hackers to exploit it before the vendor becomes aware to fix it.

The security firm McAfee first reported the vulnerability attack on unsuspecting Word users on Friday evening. They disclosed that after investigating the issue, they found that the problem affects most or all versions of Microsoft Word. The new zero-day attack takes place by surreptitiously installing malware even on fully patched computers.

An e-mail stealthily starts the attack by attaching a malicious Microsoft Word document. According to the Ars Technica, once opened, a concealed code inside the document will establish a connection to an attacker-controlled server. It will then download a malicious HTML application file that created to look like a document created in the software's Rich Text Format.

Behind it all, the .hta file will start downloading additional payloads from "different well-known malware families". These kind of attacks typically affect only select individuals such as government contractors, government agencies, or other organizations that are attractive to nation-sponsored hackers. However, it's not rare for such attacks to happen on larger populations once the underlying zero-day vulnerability becomes public knowledge.

According to the ZDNet, people should be careful of any Microsoft Word document that arrives in an e-mail despite having a well-known sender. If you choose to open an attached Word document, extreme caution should be exercised before disabling Protected View. It's not yet known if the use of Microsoft's Enhanced Mitigation Experience Toolkit prevents the malicious malware from working.

© 2019 ITECHPOST, All rights reserved. Do not reproduce without permission.
Real Time Analytics