Beware of the Office documents you open until Tuesday

McAfee researchers have discovered an unknown vulnerability in Microsoft Word (Office application), which can be used to install different kinds of malware even on fully-updated computers.

Unlike most Office vulnerabilities this zero-day bug (not yet patched) does not use macros. Macros in Office are a known application vulnerability.office

Η ευπάθεια ενεργοποιείται όταν το θύμα ανοίγει ένα πειραγμένο έγγραφο του Word, το οποίο κατεβάζει μια κακόβουλη εφαρμογή HTML από ένα διακομιστή, που είναι μεταμφιεσμένη για να μοιάζει με ένα αρχείο Rich Text document. Η εφαρμογή HTML κατεβάζει και τρέχει ένα κακόβουλο which can be used to install malware.

McAfee researchers, who first discovered and published the vulnerability on Friday, say that because the HTML application is executable, an attacker can execute on each computer and can avoid memory mitigations designed to prevent such attacks.

McAfee and (the latter published a similar warning on Saturday) agreed on the cause of the vulnerability. The issue is related to the Windows Object Linking and Embedding (OLE) feature, which allows an application to link and embed content in other documents, according to the researchers. The Windows OLE feature is mainly used in Office and Windows, it is built into the , and is the cause of many vulnerabilities over the past few years.

Researchers report that the bug can be exploited in all versions of Office, including the latest Office 2016 running on Windows 10, and have identified such attacks in since January.

A Microsoft spokesman confirmed that the company will issue an update on the error on Tuesday as part of the monthly release of updates.

iGuRu.gr The Best Technology Site in Greecefgns

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).