Blogs and Posts

blog

Beware: New Microsoft Office Vulnerability Installs Malware Through a Fake Word Doc File

  • By: Garry Feldman
  • Date: May 3, 2017

Microsoft and McAfee have sent out an all-points-bulletin on a Microsoft Office-based vulnerability that allows malware to completely take over an infected system. The malware enters the victim’s computer through a fake Word document, or possibly another type of fake Office file.

Anyone who attempts to open one of these malicious fake files will be exposing their system to an HTML application that quickly downloads and then executes as a .hta file, which is disguised as an RTF document. When this application starts, the attacker then has the ability to assume complete code execution control over the infected computer.

Since the exploit could potentially affect any of the millions of Microsoft Office users, including owners of Office 2016, the company has advised users to be wary of any suspicious files sent from unknown sources. Users can also activate the Office Protected View feature to open suspected documents while preventing them from accessing the system. Microsoft has delivered a patch on the zero day exploit since its discovery, so users should also be sure to update Office to the latest version.

Vulnerabilities like these illustrate the need for cybersecurity services that include real-time, proactive malware scans and up-to-date management based on the latest patches and announcements.

How the Fake Doc Exploit Works

McAfee discovered the exploit after users had reported its effects, and to prevent its spread.

According to the released McAfee report, the exploit is “a logical bug,” one that allows attackers, “to bypass any memory-based mitigations developed by Microsoft.” In other words, the exploit flies under the radar of most security functions by working using the system’s own logic against itself. By the time the malicious application is in the system’s memory, it is too late, and must be carefully removed.

Adding insult to injury, the exploit eventually does open a fake Word document to display to the user. The user may notice unusual qualities to this document, but at that point their system is already infected. Malware-infected systems can be used to commit fraud, such as using saved personal information to open up lines of credit. They may also help spread malware to others through hijacked accounts.

Removing these infections is time-consuming, difficult and costly, so prevention is the best approach.

Prevent Infections and Avoid Vulnerabilities with Cybersecurity Services and Consulting

Unfortunately, some infections are inevitable if they involve zero-day exploits — vulnerabilities people have no warning about until they already happen. Even then, cybersecurity services can help proactively identify infected systems, contain them and warn others against actions that can spread infections to other workstations or even throughout the entire network.

The only way an organization can be truly protected and prepared for exploits like the one affecting Office users is through partnering with a cybersecurity services company. Through consulting, around-the-clock monitoring software, implementation of a Virtual Private Network (VPN) and other methods, your company and your employees can all reduce their risk of being affected by malicious software.

White Papers

Blog Archive

Blog Archives
Categories
Newsletter

Connect with USCC