A vulnerability of Microsoft Office might allow malware to enter the users’ computers and steal valuable information. The attack comes under the form of corrupted files which look like Word documents and contain the malware. A report developed by McAfee offers details on the attack and on what users can do to protect themselves.
The malware makes use of a Microsoft Office vulnerability
The first attacks were reported in January, but Microsoft has not disclosed yet what Office vulnerability the hackers used. The attack affected all Office versions, including the latest 2016 version which is available for Windows 10.
The attack starts with a fake Word file which is sent by the hacker to a user. If the user opens this file, then it downloads automatically an HTML file directly from the server of the hacker. This file is disguised as an RTF, but it runs as a .hta. This is the moment when the hacker gains full control of the computer of the user.
McAfee described the attack as such in their report:
“Thus, this is a logical bug, and gives the attackers the power to bypass any memory-based mitigations developed by Microsoft.”
In the end, a fake document opens on the computer of the victim, but this happens after the malware had gained access. The report suggest that the Office vulnerability must be related with the Windows Object Linking and Embedding. Microsoft did not ignore this issue and prepared a patch to fix the vulnerability.
How to keep yourself protected
Until you get the patch which will get you protected, there are several things that you can do to avoid downloading malware on your computer. First of all, do not open any suspicious documents which come from a location you don’t know. Also, it seems that the attack cannot pass Office Protected View.
Malware becomes more widespread and many such threats target all types of systems and devices. After the discovery of many mysterious malware which go undetected and cause great damage, companies developed a lot of tools which protect users against malware.
Usually, these attacks target big companies. Also, fighting malware might prove expensive. However, companies are willing to put themselves to such an expense, but get their data protected. To have your data safe at home, make sure that you use all the protective tools available for a personal device, and be careful with suspicious files.
Image Source: Flickr