Serious vulnerability in Microsoft Word is being used by hackers to install malware on computers

A zero day vulnerability in Microsoft Word is being exploited by hackers to install malware on Windows machines.

According to FireEye, "The attack involves an actor sending a Microsoft Word document that has embedded OLE2link to another user. When the user opens the document, winword.exe will issue an HTTP request to the remote server to retrieve a malicious .hta file, appear as a fake RTF file. Microsoft HTA application downloads and executes malicious code In both observed documents, malicious script has stopped the process of winword .exe, download additional payloads and load another document to "lure" the user. The initial winword.exe process is terminated to hide the message prompting the user to be created from OLE2link " .

Microsoft said it has detected this vulnerability since January 2017 but has not given any advice to enhance security or release a patch. According to MCAfee, "this vulnerability works on all Microsoft Office versions including the latest Office 2016 running on Windows 10. The latest attack was discovered in January . "

Proofpoint, another security company, discovered "this vulnerability is used in a large email campaign to distribute Dridex trojans (a malicious code that can steal personal information when making banking transactions." online. "This campaign has been sent to millions of recipients from major Australian organizations . "

If you are using Microsoft Word, please pay attention to MCAfee's advice: Do not open any Office files sent from strangers, unreliable and this type of attack does not pass Office Protected View so please sure this feature is turned on.

To open a document in Protected View mode, follow these steps:

1. Click File> Open
2. On the Open dialog box, click the arrow next to the Open button
3. From the drop-down list, select Open in Protected View

Finally, as soon as Microsoft updates the patch, you must also update your office suite.