Be careful when opening that next Word document you receive; it might become a gateway for cybercriminals to hack into your computer and install malware.
Security researchers at security firm McAfee are warning Office users about a zero-day security flaw in the productivity suite, which criminals have been using to attack unsuspecting people since January.
The firm recently detected suspicious Word documents packaged as .rtf files, which, when executed, drop the malicious payload. The exploit connects to a remote server controlled by the hackers and downloads a file containing HTML Application content, which is then run as a .hta file.
That file is responsible for giving the attacker full access to the victim's machine. "This is a logical bug, and gives the attackers the power to bypass any memory-based mitigations developed by Microsoft", writes Haifei Li of McAfee. "The successful exploit closes the bait Word document, and pops up a fake one to show the victim. In the background, the malware has already been stealthily installed on the victim’s system".
Meanwhile, researchers at FireEye claimed to have found similar rogue .rtf files, which are also taking advantage of the same vulnerability. They add that the exploit enables cybercriminals to download and execute other malware payloads.
Both firms indicate that the flaws are within Microsoft's Object Linking and Embedding (OLE) technology. The vulnerability affects all versions of Office, including Office 2016 for Windows 10.
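Because the bait documents are RTF files that rely on OLE, a defender can triage incoming attachments by content rather than by extension. The Python function below is an added example, not code from McAfee, FireEye or Microsoft; the function name, the verdict strings and the sample bytes are constructed for illustration, and the control words it looks for come from the RTF specification's object group rather than from the article.

```python
import re

# Object-group control words from the RTF specification. Which of them the
# attack described above uses is not stated in the article (assumption).
OLE_WORDS = {b"object", b"objemb", b"objlink", b"objautlink", b"objupdate", b"objdata"}
LINK_WORDS = {"objlink", "objautlink"}
CONTROL_WORD = re.compile(rb"\\([a-z]+)")

# Constructed samples, not taken from any real document.
SAMPLE_LINKED = rb"{\rtf1\ansi{\object\objautlink\objupdate{\*\objclass Word.Document.8}{\*\objdata 0105}}}"
SAMPLE_PLAIN = rb"{\rtf1\ansi Hello\par}"
SAMPLE_NOT_RTF = b"PK\x03\x04 constructed non-RTF bytes"


def triage_rtf(data: bytes) -> dict:
    """Summarise OLE object markers in one file's raw bytes."""
    # Judge by content, not extension: an RTF file may carry a .doc name.
    # Only the first four bytes are compared so that a damaged version
    # suffix after the RTF magic does not hide the file from the check.
    is_rtf = data.lstrip()[:4] == b"{\\rt"
    counts = {}
    if is_rtf:
        # Escaped backslashes in body text can over-count; acceptable for triage.
        for match in CONTROL_WORD.finditer(data):
            if match.group(1) in OLE_WORDS:
                name = match.group(1).decode()
                counts[name] = counts.get(name, 0) + 1
    if not is_rtf:
        verdict = "not rtf"
    elif counts.keys() & LINK_WORDS:
        verdict = "review: linked OLE object"
    elif counts:
        verdict = "review: embedded OLE object"
    else:
        verdict = "no OLE object markers"
    return {"is_rtf": is_rtf, "ole_words": counts, "verdict": verdict}


if __name__ == "__main__":
    for label, sample in [("linked", SAMPLE_LINKED), ("plain", SAMPLE_PLAIN), ("other", SAMPLE_NOT_RTF)]:
        print(label, triage_rtf(sample))
```

A "review" verdict only means the file carries an OLE object and deserves a closer look in an isolated environment; many legitimate documents embed objects too.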
A Microsoft spokesperson has confirmed that the company will offer a patch to rectify the issue, which will be available on Tuesday as part of the software giant's monthly release of updates.
For now, McAfee suggests users do not open Office files obtained from untrustworthy locations. Also, it is vital to ensure Protected View is enabled, as the attack cannot bypass the security feature.
Office-based malicious attacks are not new, however. Attackers have also been known to exploit macros within Office documents, which can carry scripts. Victims are then fooled into enabling the macro feature, which launches the payload.