News

New MS Word Zero-Day Exploit Uses OLE to Bypass Security

Microsoft Word has been the target of malware for almost as long as it’s been around. Usually, it tries to take advantage of the built-in macro function, but not this time. Macro-files aren’t as effective as they used to be as a lot of apps run in sandboxes these days or the general system security will catch it. This new version that has appeared goes a different way.

The exploit is said to be working on pretty much any version of Word running on any Windows version, even on Windows 10 that has the best protection according to security experts.

The attack starts with an e-mail that attaches a malicious Word document, according to a blog post published Saturday by researchers from security firm FireEye. Once opened, the exploit code concealed inside the document connects to an attacker-controlled server. It downloads a malicious HTML application file that’s disguised to look like a document created in Microsoft’s Rich Text Format. Behind the scenes, the .hta file downloads additional payloads from “different well-known malware families.” Last, before terminating, the exploit opens a decoy Word document in an attempt to hide any sign of the attack that just happened. By using this method, it bypasses most exploit mitigations.

The root cause of the zero-day vulnerability is related to the Windows Object Linking and Embedding (OLE), an important feature of Office.

FireEye has already been communicating with Microsoft for weeks about the issue, but they had agreed not to publish any details until a patch was in place. But, McAfee disclosed vulnerability details and said that it was aware of attacks dating back to January, so they came forward with their information too.

The attacks observed by McAfee are unable to work when a booby-trapped document is viewed in an Office feature known as Protected View, but you should stay vigilant and be suspicious of any word document you receive in your email inbox.

Bohs Hansen

Disqus Comments Loading...

Recent Posts

Nvidia’s GeForce RTX 5090 Possible Price Revealed

According to a new report, the GeForce RTX 5090 GPU will be very expensive. It…

2 hours ago

AMD Krackan Processor with 6 Zen 5 and Zen 5c Cores for Budget AI Laptops Leaked

A new AMD processor in the form of an engineering model has been leaked in…

2 hours ago

SK Hynix Begins Production of First 321-Layer NAND Chips

SK Hynix has claimed to be the first company to mass-produce 321-layer NAND memory chips.…

2 hours ago

Trust Gaming GXT 609 Zoxa 2.0 PC Speakers

SOUNDS GREAT – Full stereo sound (12W peak power) gives your setup a booming audio…

6 hours ago

PowerA Wired Controller for Nintendo Switch

Special Edition Yoshi design Ergonomic controller shape with Nintendo Switch button layout Detachable 10ft (3m)…

6 hours ago

Logitech G Saitek PRO Flight Rudder Pedals

Fluid Motion: These flight rudder pedals are smooth and accurate that enable precise control over…

6 hours ago