McAfee researchers have discovered an unknown vulnerability in Microsoft Word (Office application), which can be used to install different kinds of malware even on fully-updated computers.
Unlike most vulnerabilities του Office αυτό το zero-day bug (δεν έχει επιδιορθωθεί ακόμα) δεν uses macros. Macros in Office are a known application vulnerability.
Vulnerability is triggered when the victim opens a dumb Word document that downloads a malicious HTML application from a server that is disguised to resemble a Rich Text document. The HTML application downloads and runs a malicious script that can be used to install malware.
McAfee researchers, who first discovered and published vulnerability on Friday, report that because the HTML application is executable, the attacker can run code on each computer and can avoid memory mitigation designed to prevent this attacks.
McAfee and FireEye (η τελευταία δημοσίευσε μια παρόμοια προειδοποίηση το Σάββατο) συμφώνησαν για την αιτία της ευπάθειας. Το θέμα σχετίζεται με τη λειτουργία Windows Object Linking and Embedding (OLE), which allows an application to link and embed content in other documents, according to the researchers. The Windows OLE feature is used primarily in Office and Windows, is built into WordPad, and has been the cause of many vulnerabilities over the past few years.
Researchers report that the bug can be exploited in all versions of the Office, including the latest Office 2016 running on Windows 10, and have detected such attacks on the Internet since January.
A Microsoft spokesman confirmed that the company will issue an update on the error on Tuesday as part of the monthly release of updates.