The formerly undetected, or "zero day", susceptibility was reported on the weekend. Hackers are allegedly exploiting the vulnerability to target millions of users with Dridex, a notorious malware that steals banking credentials. Furthermore, FireEye says the unpatched vulnerability is able to bypass most mitigations.
Microsoft Office users beware: A new exploit is using fake versions of Office files-like Word documents-to install malware on a victim's computer. It works on all versions of Windows, even Windows 10, and, unlike most other Word exploits, it doesn't require Macros to be enabled.
IT Pro asked Microsoft whether it had seen evidence of the mass email campaign.
Today, Microsoft confirmed to eWEEK that it had patched the flaw.
Microsoft is scheduled to release its monthly security updates on Tuesday, but it's not clear if a patch for this vulnerability will be included.
Sessions outlines border enforcement plan
Jon Feere, a former legal policy analyst for the Center for Immigration Studies, or CIS, has been hired as an adviser to Thomas D. On Tuesday, Sessions also announced they are hiring more immigration judges to help reduce the backlogs in immigration courts.
Sherrod DeGrippo, director of emerging threats at Proofpoint said: "Threat actors continue to demonstrate their flexibility and adaptability".
A scam email campaign was found to be distributing Microsoft Word RTF [Rich Text Format] documents to recipients that contained Dridex. McAfee traced the attacks all the way to late January.
Details on the patch are available in this security advisory (CVE-2017-0199) from Microsoft, which also confirms McAfee's claim that an exploit is in the wild.
By default, MS Word opens files from untrusted sources in Protected View, which disables features that might have malicious functionalities.
Researchers from McAfee were first to discover the bug with, security firm FireEye also reporting on the issue. In other words, the system was compromised even if the user was presented a dialog about the document containing "links that may refer to other files". The attacker was then handed over the capability to remotely gain access to your affected computer while evading Microsoft's memory-based security measures. "In the background, the malware has already been stealthily installed on the victim's system", said McAfee in a blogpost.
Japan to extend unilateral sanctions against North Korea
In a statement, the United Nations body described the conducting of missile tests by Pyongyang as "highly destabilizing behavior". The test comes as South Korea, Japan and the USA wrap up trilateral naval military drills off the Korean Peninsula.
Both companies, however, indicate that the issue has to do with the Windows Object Linking and Embedding (OLE) function, which has been exploited on a number of occasions over the past few years. He added that FireEye has updated its email and network products to detect the attack.
Unfortunately, turning off macros does not protect against this attack, as it uses a logical bug in Microsoft Office.
New discovered Word bug has been exposed and as of the moment, the vulnerability hasn't fixed yet.
"Nervous" One Direction singer Harry Styles releases debut solo single
Those used to the gruff and husk of Harry Styles' One Direction voice might be pleasantly surprised by the new track he dropped on Friday.