Microsoft Patches Problem In App That Spread Malware — Microsoft Office Hack



The previously undisclosed, or "zero-day", vulnerability was reported over the weekend. Hackers are allegedly exploiting the vulnerability to target millions of users with Dridex, a notorious malware that steals banking credentials. Furthermore, FireEye says the unpatched vulnerability is able to bypass most mitigations.

Microsoft Office users beware: A new exploit is using fake versions of Office files, like Word documents, to install malware on a victim's computer. It works on all versions of Windows, even Windows 10, and, unlike most other Word exploits, it doesn't require macros to be enabled.

IT Pro asked Microsoft whether it had seen evidence of the mass email campaign.

Today, Microsoft confirmed to eWEEK that it had patched the flaw.

Microsoft is scheduled to release its monthly security updates on Tuesday, but it's not clear if a patch for this vulnerability will be included.

Sherrod DeGrippo, director of emerging threats at Proofpoint, said: "Threat actors continue to demonstrate their flexibility and adaptability".

A scam email campaign was found to be distributing to recipients Microsoft Word RTF [Rich Text Format] documents that contained Dridex. McAfee traced the attacks all the way to late January.

Details on the patch are available in this security advisory (CVE-2017-0199) from Microsoft, which also confirms McAfee's claim that an exploit is in the wild.

By default, MS Word opens files from untrusted sources in Protected View, which disables features that might have malicious functionalities.

Researchers from McAfee were first to discover the bug, with security firm FireEye also reporting on the issue. In other words, the system was compromised even if the user was presented with a dialog about the document containing "links that may refer to other files". The attacker then gained the capability to remotely access the affected computer while evading Microsoft's memory-based security measures. "In the background, the malware has already been stealthily installed on the victim's system", said McAfee in a blogpost.

Both companies, however, indicate that the issue has to do with the Windows Object Linking and Embedding (OLE) function, which has been exploited on a number of occasions over the past few years. He added that FireEye has updated its email and network products to detect the attack.

Unfortunately, turning off macros does not protect against this attack, as it uses a logical bug in Microsoft Office.

In its advisory, Microsoft notes, "A remote code execution vulnerability exists in the way that Microsoft Office and WordPad parse specially crafted files".

A newly discovered Word bug has been exposed and, as of the moment, the vulnerability hasn't been fixed yet.
