The Broadband Guide
SG
search advanced
 Username:
 Password:
Register
 forgot password?

Microsoft Word Target of Zero-Day Malware Attack

2017-04-11 04:47 by
Tags: ,

 

Attackers have been exploiting an unpatched vulnerability in Microsoft Word for the past few months to compromise computers and infect them with malware.

Surprisingly, this zero-day bug doesn't rely on macros. The flaw is related to the Windows Object Linking and Embedding (OLE) feature in Microsoft Office that allows documents to embed references and links to other documents or objects.

Researchers at McAfee, who first reported the bug, said that the attacker can run code on the affected computer while evading memory-based mitigations designed to prevent these kinds of attacks.

"The successful exploit closes the bait Word document, and pops up a fake one to show the victim," the McAfee researchers said. "In the background, the malware has already been stealthily installed on the victim's system."

The bug affects all versions of Office, including the latest Office 2016 running on Windows 10, and attacks have been observed in the wild since January.

Microsoft promises to issue a fix for the bug on Tuesday as part of its monthly release of security fixes and patches.

Read more -here-

 

  Post your review/comments
    rate:
   avg:
News Glossary of Terms FAQs Polls Cool Links SpeedGuide Teams SG Premium Services SG Gear Store
Registry Tweaks Broadband Tools Downloads/Patches Broadband Hardware SG Ports Database Security Default Passwords User Stories
Broadband Routers Wireless Firewalls / VPNs Software Hardware User Reviews
Broadband Security Editorials General User Articles Quick Reference
Broadband Forums General Discussions
Advertising Awards Link to us Server Statistics Helping SG About