New Zero-day exploit uses Word to hack your PC


There was a time when Word documents were the main vector of infections on PCs, due to the ease of creating macro viruses and the power of the macro language Microsoft used.

That was, however, a very long time ago, and Microsoft has beefed up security in their Office suite quite a bit since then.

That’s about to change, however, as a new Word-based virus is doing the rounds, with no patch currently available.

Security researchers at FireEye have revealed a new vulnerability in Word, based on Windows Object Linking and Embedding (OLE), which is currently doing the rounds in the wild.

The virus arrives by email. When the document is opened, exploit code in it connects to an attacker-controlled server and downloads a malicious HTML application (.hta) file that's disguised to look like a document created in Microsoft's Rich Text Format. Once running, the .hta file downloads additional payloads from different well-known malware families and then pops up a real Word document to hide its activities.
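For mail-gateway or endpoint triage, the disguise described above can be checked for directly. The following is an added example, not code from FireEye or Microsoft: it flags content that opens with an RTF header yet carries HTML or script markup, and RTF files containing an OLE link set to refresh on open. The function name, marker list and sample bytes are assumptions made for illustration.

```python
from __future__ import annotations
import re

RTF_MAGIC = b"{\\rtf"
# Markup that has no place in a genuine Rich Text Format document.
SCRIPT_MARKUP = re.compile(rb"<\s*(?:script|html|hta:application)\b", re.I)
# RTF control words: a linked OLE object that is refreshed when the file opens.
OLE_AUTOLINK = re.compile(rb"\\objautlink\b")
OLE_UPDATE = re.compile(rb"\\objupdate\b")


def triage(data: bytes) -> list[str]:
    """Return findings for one file's raw bytes (empty list = nothing flagged)."""
    findings = []
    # Judge the file by its leading bytes, never by its name or extension.
    is_rtf = data.lstrip()[:16].lower().startswith(RTF_MAGIC)
    if not is_rtf:
        return findings
    if SCRIPT_MARKUP.search(data):
        findings.append("rtf-header-with-script-markup")
    if OLE_AUTOLINK.search(data) and OLE_UPDATE.search(data):
        findings.append("rtf-auto-updating-ole-link")
    return findings


# Constructed, inert samples (no link target, no script body).
SAMPLES = {
    "plain.rtf": b"{\\rtf1\\ansi Quarterly report text.}",
    "disguised.rtf": b"{\\rtf1\\ansi filler}\n<html><script></script></html>",
    "linked.rtf": b"{\\rtf1{\\object\\objautlink\\objupdate}}",
    "page.html": b"<html><script></script></html>",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name}: {triage(blob) or 'no findings'}")
```

A hit is a reason to quarantine the file for analysis, not proof of compromise; legitimate documents can contain linked objects.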

The attack works on fully patched PCs, and the only mitigation is not to download or open suspicious Word files, or to view them only in Protected View, which does, in fact, protect users on this occasion. Disabling macros does not offer any protection.

The new malware was discovered some weeks ago and FireEye has notified Microsoft of its existence, but a patch is not ready to be released yet.

Read more about the issue at FireEye here.
