dglobalnews.com Oh my Microsoft Word: Dridex hackers exploit unpatched flaw
Published: Thu, April 13, 2017
Tech | By Arthur Brown

FireEye security researchers also said that they had been aware of attacks exploiting the flaw for several weeks and had coordinated disclosure with Microsoft.

A previously undiscovered exploit in Microsoft Word is being used to spread Trojan software called Dridex. Once opened, the exploit connects to a remote server and downloads a file containing an HTML application dressed up as a Microsoft document. Most software vulnerabilities give attackers user-level code execution capability. This activity has been going on for months and affects all versions of the MS Office package, including Office 2016, which also came with the Windows 10 operating system. McAfee traced the attacks all the way to late January. As part of its monthly Tuesday update patch cycle, the Redmond giant has patched the loophole, which was being exploited to quietly install malware and extract banking information of Word users. Until you get a patch, McAfee advises users to enable Office Protected View mode and, of course, not to open any Office files from untrusted sources. We were tipped off by a reader who works on the IT security side, and he sent us this message from Microsoft Security VP Ryan Barrett.

Within your email filtering solution, such as Intermedia Email Protection, consider temporarily putting a policy in place to block Word documents until Microsoft releases the patch. To the user, the HTA file appears as a Microsoft Rich Text document with a .doc extension. OLE (Object Linking and Embedding) allows applications to embed and link to documents and objects.

The attack involves a threat actor emailing a Microsoft Word document to a targeted user with an embedded OLE2link object.
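A triage check that a mail gateway or analyst could run on attachments, as an added example (not code from the article or from any vendor it names): it flags files whose content is RTF whatever their extension says, and RTF that carries a linked OLE object. The control words are from the RTF specification; the function names and sample bytes are constructed here, and the article does not say which markers the real documents contained.

```python
import re

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")   # legacy binary .doc container
RTF_MAGIC = b"{\\rtf"                             # start of an RTF document
# RTF control words that mark an OLE object as linked or auto-updating.
LINK_WORDS = (b"\\objautlink", b"\\objlink", b"\\objupdate")
# \objdata stores the object as hex text, so the class name shows up hex-encoded.
OLE2LINK_HEX = b"OLE2Link".hex().encode()

def inspect_attachment(filename, data):
    """Return a list of findings for one attachment (hypothetical helper)."""
    name = filename.lower()
    ext = name.rpartition(".")[2] if "." in name else ""
    findings = []
    is_rtf = data.lstrip().startswith(RTF_MAGIC)
    if is_rtf and ext != "rtf":
        # Word opens RTF content even when the file is named .doc.
        findings.append("rtf-content-mislabelled-as-." + ext)
    if is_rtf:
        lowered = data.lower()
        if any(word in lowered for word in LINK_WORDS):
            findings.append("linked-ole-object")
        # Hex in \objdata may be split by whitespace; normalise before searching.
        if OLE2LINK_HEX in re.sub(rb"\s+", b"", lowered):
            findings.append("ole2link-class-in-objdata")
    return findings

def should_quarantine(filename, data):
    """Hold the message when the RTF carries any linked-object marker."""
    findings = inspect_attachment(filename, data)
    return "linked-ole-object" in findings or "ole2link-class-in-objdata" in findings

# Constructed samples: harmless byte strings, no URL or payload.
SAMPLE_RTF = (b"{\\rtf1\\ansi{\\object\\objautlink\\objupdate"
              b"{\\*\\objclass Word.Document.8}"
              b"{\\*\\objdata 0105000002000000090000004f4c45\n324c696e6b00}}}")
BENIGN_RTF = b"{\\rtf1\\ansi Meeting notes}"
BINARY_DOC = OLE2_MAGIC + b"\x00" * 16

if __name__ == "__main__":
    for fname, blob in (("invoice.doc", SAMPLE_RTF),
                        ("notes.rtf", BENIGN_RTF),
                        ("report.doc", BINARY_DOC)):
        print(fname, inspect_attachment(fname, blob), should_quarantine(fname, blob))
```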

Business users regularly trade Office files via email, a fact that cyber-attackers rely on for their spam and phishing campaigns.

Anti-virus company McAfee has warned that new malware has recently been able to infiltrate Microsoft Office and it's quite unsafe. This is mainly because, according to McAfee, the malware cannot bypass the said Microsoft Office feature.

In a statement sent out to media outlets, a spokesman for the firm said: 'We plan to address this through an update on Tuesday April 11, and customers who have updates enabled will be protected automatically.' If you choose to open an attached Word document, extreme caution should be exercised before disabling Protected View. Check the box next to "RTF" to ensure that type of file cannot be opened by Microsoft Office.
