New Microsoft Word Threat Discovered
Just yesterday I warned against a scam alert and now here is yet another threat that involves Microsoft Word. We live in scary times dedicated readers.
You might want to be extra careful about what files you open in Word over the next few days: Attackers are exploiting a previously undisclosed vulnerability in Microsoft Office to sneak malware into your system.
The zero-day bug fundamentally relies on infected Word documents, which then download malicious HTML applications disguised as make-belief Rich Text files. Once executed, the HTML application connects to a remote server and runs a custom script designed to stealthily install malware.
What is particularly worrying is that unlike regular macro hacks – which Office generally warns against when opening macro-enabled documents – the attack vector makes it difficult to prevent potential attacks.
This latest threat has to do with the Windows Object Linking and Embedding (OLE) function, which has been exploited on a number of occasions over the past few years.
The vulnerability affects all versions of Office, including the latest Office 2016 for Windows 10, according to the researchers.
Fortunately, a Microsoft spokesperson has confirmed that Microsoft will eliminate the issue with the release of its upcoming monthly update later on Tuesday, April 11.
Until then users should only run Office in Protected View mode as well as to refrain from opening any Office files obtained from untrusted locations.