Here's why you should be wary of Microsoft Word attachments right now

Elizabeth Williams
April 23, 2017

The yet-to-be-patched vulnerability lets hackers remotely execute code on a targeted computer by luring users into opening a Word document which contains an embedded exploit.

Proofpoint said it's testing revealed computers infected with the malware to be "fully exploited" and recommended that "because of the widespread effectiveness and rapid weaponisation of this exploit, it is critical that users and organisations apply the patch as soon as possible".

Researchers at McAfee said that, unlike common Word document attacks, this flaw doesn't rely on macros to execute.

However, this zero-day exploit, which affected all versions of Office, worked differently than traditional Word-related vulnerabilities which involve the documents itself.

The attack was capable of bypassing numerous mitigation systems built into Microsoft Office and Windows created to stop malicious files from executing. McAfee has been in contact with Microsoft and the company is expected to release an update to the anti-virus app that further closes the flaw this week for its habitual Patch Tuesday bug release, BBC has reported.

Arkansas begins 'run' of executions
Pulaski County Circuit Judge Alice Gray had ordered a halt on the drug for executions, but she was overruled by the U.S. The state also has had to face criticism from drug companies unhappy that their products may be used in executions.

Cities across Canada prepare to join other worldwide in March for Science
Demonstrations are also scheduled in US cities including San Francisco, along with smaller towns like Dillingham, Alaska. More than a 1,000 science enthusiasts came together in Fort Worth on Earth Day to march in support of science.

Queen Elizabeth II's birthday: Her 91 years in pictures
She's the longest-serving British monarch ever , breaking the record set by Queen Victoria, her great-great grandmother, in 2015. The Queen is already the oldest monarch to have reigned in Britain - and today she turns 91.

"We work very closely with Microsoft on a regular basis ... Although attacks relying on document exploits are increasingly uncommon, they certainly remain in attackers' toolkits", comments Sherrod DeGrippo, director of Emerging Threats for Proofpoint.

To mitigate the security flaw, users should download the most recent patch from Microsoft.

Worryingly, the vulnerability now remains active, but Microsoft has pledged the bug will be nixed when the monthly security update rolls out on April 11. Disabling Macros does not offer any protection.

Details of the vulnerability were first released by McAfee and FireEye over the weekend.

Once the damage is done, a fake Word document is shown to the user, but at that point it is too late-malware is already installed on the machine. Also, users are urged to activate or enable Microsoft Office's Protected View. When the user begins the document, winword.exe concerns an HTTP request to a remote server to recover a malicious.hta file, which seems as a fraudulent RTF file. Also, you should refrain yourself from obtaining Office files from untrusted locations.

Other reports by VgToday

Discuss This Article