Malicious hackers have exploited a previously-unknown, unpatched flaw in Microsoft Word, the tech titan has warned.
The attacks took advantage of a freshly-uncovered weakness (a “zero day” flaw) in how Word parses Rich Text Format files combining it with a bypass of Microsoft’s address space layout randomization (ASLR). ASLR is a technology that strengthens security by randomising the memory layout of an executing program, decreasing the probability an exploit will work.
“At this time, we are aware of limited, targeted attacks directed at Microsoft Word 2010,” the firm said in an advisory. Attacks on Word 2013, the latest version of the software, failed.
“The attack detected in the wild is limited and very targeted in nature. The malicious document is designed to trigger a memory corruption vulnerability in the RTF parsing code. The attacker embedded a secondary component in order to bypass ASLR, and leveraged return-oriented-programming [ROP] techniques using native RTF encoding schemes to craft ROP gadgets.”
In any case, the shellcode used in the zero-day attacks would not perform any additional malicious action if there were updates installed after 8 April 2014.
The malware dropped by the shell was a “generic” backdoor, Microsoft said. It was written in Visual Basic 6 and communicated over HTTPS, but could run additional programs when launched.
Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) should block attacks if users can turn it on. Otherwise, they should block RTF files completely or ensure Word opens RTF documents in Protected View, which can be done via Trust Center settings.
A Fix it solution has been made available within the advisory. Mac users running Word are affected too.
Drew Hintz, Shane Huntley, and Matty Pellegrino from the Google security team were credited with finding the attacks.
Are you a security expert? Try our quiz!
Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector
Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…
Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…
Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…
Explore the future of work with the Silicon In Focus Podcast. Discover how AI is…
Executive hits out at the DoJ's “staggering proposal” to force Google to sell off its…