• Home
  • News
  • Artificial Intelligence
  • Internet of Things
  • Open Source
  • Hardware
  • Software
  • Security
  • Resources
  • Industry Voice
  • Data Strategy Spotlight
  • Newsletters
  • Resources
    • Inqlogo 120x194
      Five things you should look for in choosing a Testing provider

      Choosing a Testing Partner can be complex.  So what do you look for?  This guide offers insight into the qualities you must look for in choosing a Testing provider.  Download now to learn more.

      Download
      Inqlogo 120x194
      Your questions answered: How to protect your data in the cloud

      The number of successful cyberattacks per year per company has increased by 46% over the last four years. But what really needs to be considered when exploring a solution? What questions need to be asked? Download to find out...

      Download
      Find resources
      Search by title or subject area
      View all resources
  • Follow us
    • RSS
    • Twitter
    • LinkedIn
    • Newsletters
    • Facebook
    • Google+
    • YouTube
  • Newsletter
  • Industry Voice
  • Data Strategy Spotlight
The Inquirer
The Inquirer
  • Home
  • News
  • Artificial Intelligence
  • Internet of Things
  • Open Source
  • Hardware
  • Software
  • Security
The Inquirer
  • Security

Microsoft Office zero-day allows hackers to install malware using Word

McAfee sounds the alarm bells over unpatched vulnerability

Microsoft Office zero-day allows hackers to install malware using Word
Microsoft Office zero-day allows hackers to install malware using Word
  • Sooraj Shah
  • Sooraj Shah
  • @Sooraj_Shah
  • 10 April 2017
  • Tweet  
  • Facebook  
  • Google plus  
  •  
  •  
  • Send to  
0 Comments

MICROSOFT OFFICE USERS are being warned of a new zero-day security flaw that has been exploited since at least January.

The  flaw enables attackers to covertly install malware on PCs by exploiting flaws in Microsoft's Object, Linking and Embedding (OLE) technology.

Security researchers at McAfee have been first off the mark among security vendors, publishing a blog over the weekend on the vulnerability.

The security group claims that it intercepted suspicious Microsoft Word Rich Text Format (RTF) format documents that, when opened, runs the exploit. This connects to a remote server in the background and downloads a file that contains an HTML application content file that looks like a Microsoft document, but executes it as a .hta file.

The .hta file enables the attacker to gain full administrator rights on the victim's machine.

"The successful exploit closes the 'bait' Word document, and pops up a fake one to show the victim. In the background, the malware has already been stealthily installed on the victim's system," McAfee warned.

It added that the root cause of the zero-day vulnerability is related to the Windows OLE feature in Windows, that Microsoft Office takes advantage of.

Security researchers at FireEye said that they also recently detected malicious Microsoft Office RTF documents that leverage a previously undisclosed vulnerability. They added that the vulnerability enables attackers to download and execute malware payloads from different well-known malware families.  

The security company said it had been in contact with Microsoft about the vulnerability for several weeks, but did not publicly disclose any details until McAfee decided to reveal all in its blog post.

Microsoft is likely to release a security update along with its next batch of updates, scheduled for this Tuesday.

In the meantime, McAfee warns users to not open Office files obtained from untrusted sources. It added that the attack cannot bypass the Office Protected View, so suggested that all users turn this feature on. µ

  • Tweet  
  • Facebook  
  • Google plus  
  •  
  •  
  • Send to  
  • Topics
  • Security
  • Microsoft
  • Windows
  • Security
  • SMB services
  • SMB Spotlight

INQ Latest

EU aims to crush anti-competitive online behaviour with new law proposals
EU aims to crush anti-competitive online behaviour with new law proposals

Oh look, the EU is getting stuck into the workings of tech again

  • Friction
  • 26 April 2018
GPU crypto-mining slump could see prices drop by 25 per cent
GPU crypto-mining slump could see prices drop by 25 per cent

At last, the break gamers have been waiting for

  • Hardware
  • 26 April 2018
Telegram downloads in Russia have reportedly increased following ban
Telegram downloads in Russia have reportedly increased following ban

Users have flocked to VPN services to skirt the block, claims NordVPN

  • Communications
  • 26 April 2018
Facebook brushes off Cambridge Analytica scandal with record Q1 revenues
Facebook brushes off Cambridge Analytica scandal with record Q1 revenues

'Stick that in your #DeleteFacebook', smirks social network

  • Communications
  • 26 April 2018
Back to Top

Most read

OnePlus 6 release date, specs and price: OnePlus confirms Galaxy S9-esque 'Super Slo Mo' feature
OnePlus 6 release date, specs and price: OnePlus confirms Galaxy S9-esque 'Super Slo Mo' feature
Ubuntu 18.04 LTS arrives with Gnome desktop, improved AI and Nvidia GPU acceleration
Ubuntu 18.04 LTS arrives with Gnome desktop, Kuberflow and Nvidia GPU acceleration
iPhone X2: Intel will reportedly supply 70 per cent of Apple's LTE modems in 2018
iPhone X2: Intel will reportedly supply 70 per cent of Apple's LTE modems in 2018
iPhone X price, deals and news: Apple suppliers confirm iPhone X sales are plummeting
iPhone X price, deals and news: Apple suppliers confirm iPhone X sales are plummeting
Sky Q gets Spotify integration, a new UI and a promise of Smart TV apps and AI
Sky Q gets Spotify integration, a new UI and a promise of Smart TV apps and AI
  • Contact
  • Marketing solutions
  • Enterprise IT Events
  • About Incisive Media
  • Terms & conditions
  • Privacy policy
  • RSS
  • Twitter
  • LinkedIn
  • Newsletters
  • Facebook
  • Google+
  • YouTube

© Incisive Business Media (IP) Limited, Published by Incisive Business Media Limited, New London House, 172 Drury Lane, London WC2B 5QR, registered in England and Wales with company registration numbers 09177174 & 09178013

Digital publisher of the year
Digital publisher of the year 2010, 2013, 2016 & 2017