Malicious hackers have exploited a previously-unknown, unpatched flaw in Microsoft Word, the tech titan has warned.
The attacks took advantage of a freshly-uncovered weakness (a “zero day” flaw) in how Word parses Rich Text Format files combining it with a bypass of Microsoft’s address space layout randomization (ASLR). ASLR is a technology that strengthens security by randomising the memory layout of an executing program, decreasing the probability an exploit will work.
“At this time, we are aware of limited, targeted attacks directed at Microsoft Word 2010,” the firm said in an advisory. Attacks on Word 2013, the latest version of the software, failed.
“The attack detected in the wild is limited and very targeted in nature. The malicious document is designed to trigger a memory corruption vulnerability in the RTF parsing code. The attacker embedded a secondary component in order to bypass ASLR, and leveraged return-oriented-programming [ROP] techniques using native RTF encoding schemes to craft ROP gadgets.”
In any case, the shellcode used in the zero-day attacks would not perform any additional malicious action if there were updates installed after 8 April 2014.
The malware dropped by the shell was a “generic” backdoor, Microsoft said. It was written in Visual Basic 6 and communicated over HTTPS, but could run additional programs when launched.
Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) should block attacks if users can turn it on. Otherwise, they should block RTF files completely or ensure Word opens RTF documents in Protected View, which can be done via Trust Center settings.
A Fix it solution has been made available within the advisory. Mac users running Word are affected too.
Drew Hintz, Shane Huntley, and Matty Pellegrino from the Google security team were credited with finding the attacks.
Are you a security expert? Try our quiz!
Fourth quarter results beat Wall Street expectations, as overall sales rise 6 percent, but EU…
Hate speech non-profit that defeated Elon Musk's lawsuit, warns X's Community Notes is failing to…
Good luck. Russia demands Google pay a fine worth more than the world's total GDP,…
Google Cloud signs up Spotify, Paramount Global as early customers of its first ARM-based cloud…
Facebook parent Meta warns of 'significant acceleration' in expenditures on AI infrastructure as revenue, profits…
Microsoft says Azure cloud revenues up 33 percent for September quarter as capital expenditures surge…