Serious vulnerability in Microsoft Word is being used by hackers to install malware on computers
A zero-day vulnerability in Microsoft Word is being exploited by hackers to install malware on Windows machines.
According to FireEye, "The attack involves an actor sending a Microsoft Word document that has an embedded OLE2link to another user. When the user opens the document, winword.exe will issue an HTTP request to the remote server to retrieve a malicious .hta file, which appears as a fake RTF file. The Microsoft HTA application downloads and executes the malicious code. In both observed documents, the malicious script stopped the winword.exe process, downloaded additional payloads and loaded another document to "lure" the user. The initial winword.exe process is terminated to hide the user prompt created by the OLE2link."
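The retrieval step FireEye describes, an Office process fetching what looks like a document but receiving an HTA, leaves a trace in web proxy logs. The following detection sketch is an added example, not code from FireEye or this article; the JSON log format, field names, user-agent substrings, `application/hta` media type, and sample lines are all constructed assumptions.

```python
import json
from urllib.parse import urlparse

# Assumptions (not from the article): substrings that identify Office clients,
# the media type an HTA is served with, and document-like URL extensions.
OFFICE_UA_MARKERS = ("ms-office", "microsoft office")
HTA_TYPES = {"application/hta"}
DOC_EXTENSIONS = (".rtf", ".doc", ".docx", ".dot")

# Constructed sample proxy log: one JSON object per line, hypothetical field names.
SAMPLE_LOG = [
    '{"ts":"2017-04-10T09:14:02Z","src":"10.0.4.21","ua":"Mozilla/4.0 (compatible; ms-office; MSOffice 16)","url":"http://files.example.test/q1/report.rtf","ctype":"application/hta"}',
    '{"ts":"2017-04-10T09:15:40Z","src":"10.0.4.22","ua":"Microsoft Office Word 2014","url":"http://intranet.example.test/tpl/letter.docx","ctype":"application/vnd.openxmlformats-officedocument.wordprocessingml.document"}',
    '{"ts":"2017-04-10T09:16:11Z","src":"10.0.4.23","ua":"Mozilla/5.0 (Windows NT 10.0) Gecko/20100101 Firefox/52.0","url":"http://tools.example.test/admin.hta","ctype":"application/hta"}',
    '{"ts":"2017-04-10T09:17:55Z","src":"10.0.4.24","ua":"Microsoft Office Word 2014","url":"http://cdn.example.test/update?id=7","ctype":"Application/HTA; charset=utf-8"}',
    'truncated line that is not JSON',
]

def media_type(header):
    """Return the bare media type, lower-cased, without parameters."""
    return header.split(";", 1)[0].strip().lower()

def find_hta_to_office(lines):
    """Flag responses where an Office client was served HTA content."""
    findings = []
    for raw in lines:
        try:
            rec = json.loads(raw)
        except json.JSONDecodeError:
            continue  # skip malformed lines instead of aborting the hunt
        if not isinstance(rec, dict):
            continue
        ua = str(rec.get("ua", "")).lower()
        if not any(marker in ua for marker in OFFICE_UA_MARKERS):
            continue  # only requests issued by Office processes are of interest
        if media_type(str(rec.get("ctype", ""))) not in HTA_TYPES:
            continue
        path = urlparse(str(rec.get("url", ""))).path.lower()
        findings.append({
            "ts": rec.get("ts"),
            "src": rec.get("src"),
            "url": rec.get("url"),
            # True when the URL pretends to be a document, as in the fake-RTF case
            "disguised_as_document": path.endswith(DOC_EXTENSIONS),
        })
    return findings

if __name__ == "__main__":
    for hit in find_hta_to_office(SAMPLE_LOG):
        print(hit)
```
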
Microsoft said it detected this vulnerability in January 2017 but has not given any advice to enhance security or released a patch. According to McAfee, "this vulnerability works on all Microsoft Office versions, including the latest Office 2016 running on Windows 10. The latest attack was discovered in January."
Proofpoint, another security company, discovered that "this vulnerability is used in a large email campaign to distribute Dridex trojans" (malicious code that can steal personal information when making banking transactions online). "This campaign has been sent to millions of recipients from major Australian organizations."
If you are using Microsoft Word, pay attention to McAfee's advice: do not open Office files sent by strangers or unreliable sources. This type of attack cannot get past Office Protected View, so make sure this feature is turned on.
To open a document in Protected View mode, follow these steps:
- Click File > Open
- On the Open dialog box, click the arrow next to the Open button
- From the drop-down list, select Open in Protected View
Finally, as soon as Microsoft releases the patch, update your Office suite.