
Attackers Target Unpatched Microsoft Word Flaw

All supported versions of Microsoft Word are vulnerable to an unpatched bug that is being actively exploited to infect users’ systems, two security firms warned over the weekend.

McAfee and FireEye both released advisories warning of the attacks, which make use of an unusual technique that involves booby-trapped Word documents sent to unsuspecting victims.

Malware download

When a user opens the document – specifically, an RTF file with a .doc extension – an OLE2link object embedded in the file causes Word to connect to an attacker-controlled online address and download and execute an HTML application file, researchers said.

The .hta executable bypasses memory-based mitigations put into place by Microsoft and gives attackers the ability to execute arbitrary code on the victim’s system, McAfee said.

The exploit also downloads and displays a fake Word document to the user to conceal a user prompt generated by the OLE2link object, FireEye said.

“The exploit works on all Microsoft Office versions, including the latest Office 2016 running on Windows 10,” McAfee said in an advisory, adding it has seen exploits being carried out since late January.
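A defender-side triage check for the file type described above, as an added example that is not taken from the McAfee or FireEye advisories: it flags an RTF file carrying a .doc extension, looks for a linked object, and decodes the object data to search for the OLE2Link class name and any link target. The function names, the heuristics (RTF control words `\objautlink`, `\objupdate` and `\objdata`, and an ASCII "OLE2Link" string in the decoded data) and the sample document are assumptions constructed for illustration.

```python
import re

RTF_MAGIC = b"{\\rtf"
# \objdata carries the embedded object as hex text, often broken up by whitespace.
OBJDATA_RE = re.compile(rb"\\objdata\s*([0-9A-Fa-f\s]+)")
URL_RE = re.compile(rb"https?://[\x21-\x7e]+")


def decode_objdata(hex_text):
    """Hex-decode one \\objdata payload, ignoring whitespace and a dangling nibble."""
    digits = b"".join(hex_text.split())
    return bytes.fromhex(digits[: len(digits) // 2 * 2].decode("ascii"))


def triage(filename, data):
    """Return heuristic findings for one attachment; hits mean 'inspect', not 'malicious'."""
    findings = {"rtf_as_doc": False, "auto_link": False, "ole2link": False, "urls": []}
    is_rtf = data.lstrip().startswith(RTF_MAGIC)
    findings["rtf_as_doc"] = is_rtf and filename.lower().endswith(".doc")
    if not is_rtf:
        return findings
    # \objautlink marks a linked object; \objupdate asks for a refresh when it is shown.
    findings["auto_link"] = b"\\objautlink" in data and b"\\objupdate" in data
    for match in OBJDATA_RE.finditer(data):
        blob = decode_objdata(match.group(1))
        if b"ole2link" in blob.lower():
            findings["ole2link"] = True
        # Link targets may be ASCII or UTF-16LE; dropping NUL bytes catches both.
        flat = blob.replace(b"\x00", b"")
        findings["urls"] += [u.decode("ascii") for u in URL_RE.findall(flat)]
    return findings


def constructed_sample():
    """Constructed, non-functional RTF: a class-name stub and a placeholder URL only."""
    blob = b"OLE2Link\x00" + "http://example.invalid/placeholder".encode("utf-16-le")
    hexed = blob.hex()
    body = hexed[:40] + "\r\n" + hexed[40:]
    return ("{\\rtf1{\\object\\objautlink\\objupdate{\\*\\objdata " + body + "}}}").encode()


if __name__ == "__main__":
    print(triage("invoice.doc", constructed_sample()))
```

Any URL the check extracts is a candidate indicator to compare against proxy and DNS logs, since the article describes Word fetching the HTML application from that address.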

Patch on the way this week

While Word-based attacks are most commonly carried out using macros, this exploit is unusual in that it makes use of Windows’ Object Linking and Embedding (OLE) feature, researchers said.

McAfee said it identified the attacks on Thursday and decided to release its advisory immediately; the advisory appeared late on Friday.

FireEye said it had previously notified Microsoft of the issue and was coordinating disclosure with the release of a patch, but issued its advisory after the problem was made public.

Microsoft confirmed it is planning to fix the issue in a patch set to be released with its scheduled monthly update on Tuesday.

Experts advised users to avoid opening Word documents from untrusted sources and to apply the patch when it becomes available.


Matthew Broersma

Matt Broersma is a long-standing tech freelancer who has worked for Ziff-Davis, ZDNet and other leading publications.
