News

New MS Word Zero-Day Exploit Uses OLE to Bypass Security

Microsoft Word has been the target of malware for almost as long as it’s been around. Usually, it tries to take advantage of the built-in macro function, but not this time. Macro-files aren’t as effective as they used to be as a lot of apps run in sandboxes these days or the general system security will catch it. This new version that has appeared goes a different way.

The exploit is said to be working on pretty much any version of Word running on any Windows version, even on Windows 10 that has the best protection according to security experts.

The attack starts with an e-mail that attaches a malicious Word document, according to a blog post published Saturday by researchers from security firm FireEye. Once opened, the exploit code concealed inside the document connects to an attacker-controlled server. It downloads a malicious HTML application file that’s disguised to look like a document created in Microsoft’s Rich Text Format. Behind the scenes, the .hta file downloads additional payloads from “different well-known malware families.” Last, before terminating, the exploit opens a decoy Word document in an attempt to hide any sign of the attack that just happened. By using this method, it bypasses most exploit mitigations.

The root cause of the zero-day vulnerability is related to the Windows Object Linking and Embedding (OLE), an important feature of Office.

FireEye has already been communicating with Microsoft for weeks about the issue, but they had agreed not to publish any details until a patch was in place. But, McAfee disclosed vulnerability details and said that it was aware of attacks dating back to January, so they came forward with their information too.

The attacks observed by McAfee are unable to work when a booby-trapped document is viewed in an Office feature known as Protected View, but you should stay vigilant and be suspicious of any word document you receive in your email inbox.

Bohs Hansen

Disqus Comments Loading...

Recent Posts

Electronic Arts Titles Played for Over 11 Billion Hours in 2024

Electronic Arts (EA) announced today that its games were played for over 11 billion hours…

2 days ago

Just 15% of Steam Gaming Time in 2024 Was Spent on New Releases

Steam's annual end-of-year recap, Steam Replay, provides fascinating insights into gamer habits by comparing individual…

2 days ago

STALKER 2 Gets Massive 110GB Patch With 1800+ Fixes

GSC GameWorld released a major title update for STALKER 2 this seeking, bringing the game…

2 days ago

Intel Unveils Core 200H Processors Based on the Previous Raptor Lake Refresh

Without any formal announcement, Intel appears to have revealed its new Core 200H series processors…

3 days ago

Ubisoft Reportedly Developing a New Quadruple A Game

Ubisoft is not having the best of times, but despite recent flops, the company still…

3 days ago

STALKER 2: Heart of Chornobyl Update 1.1 Fixes 1,800 Issues and Revamps A-Life 2.0

If you haven’t started playing STALKER 2: Heart of Chornobyl yet, now might be the…

3 days ago