Hackers are attacking Word users with new Microsoft Office zero-day

    Hackers are attacking Word users with new Microsoft Office zero-day

    Hackers are attacking Word users with new Microsoft Office zero-day


    Posted: 10 Apr 2017

    The bug affects all supported versions of Microsoft Word, but will be fixed this week.

    Attackers are exploiting a previously undisclosed vulnerability in Microsoft Word, which security researchers say can be used to quietly install different kinds of malware -- even on fully-patched computers.

    Unlike most document-related vulnerabilities, this zero-day bug that has yet to be patched doesn't rely on macros -- in which Office typically warns users of risks when opening macro-enabled files.

    Instead, the vulnerability is triggered when a victim opens a trick Word document, which downloads a malicious HTML application from a server, disguised to look like a Rich Text document file as a decoy. The HTML application meanwhile downloads and runs a malicious script that can be used to stealthily install malware.
    A Microsoft spokesperson confirmed that the company will issue a fix for the bug on Tuesday as part of its monthly release of security fixes and patches.
    Hackers are attacking Word users with new Microsoft Office zero-day vulnerability | ZDNet
    Borg 386's Avatar Posted By: Borg 386
    10 Apr 2017


  1. Posts : 5,829
    Win 11 Pro (x64) 21H2
       #1

    This is yet another reason why you pay close attention to received files and links. NEVER open anything suspicious!
      My Computers


  2. Posts : 3,246
    Windows 10 and windows insider
       #2

    Saw this on ZDNET this morning. Never seem safe anymore! Always be on the lookout for anything suspicious - may be malicious.
      My Computer


  3. Posts : 5,478
    2004
       #3

    magilla said:
    Saw this on ZDNET this morning. Never seem safe anymore!
    Use Notepad instead :)
      My Computer


  4. Posts : 34,130
    Win 7 32, Win 7 64 Pro, Win 8.1 64 Pro, Win 10 64 Education Edition
    Thread Starter
       #4

    Microsoft patches Word zero-day booby-trap exploit


    Microsoft Tuesday patched a previously undisclosed Word zero-day vulnerability attackers used to install a variety of malware on victims’ computers.
    Microsoft patches Word zero-day booby-trap exploit Naked Security
      My Computer


  5. Posts : 5,203
    Windows 11 Home
       #5

    WSH, cough, WSH. By simply disabling WSH , you can disable sooo much malware, without AV.

    reg add "HKLM\Software\Microsoft\Windows Script Host\Settings" /v "Enabled" /t REG_DWORD /d "0" /f

    The .hta content is disguised as a normal RTF file to evade security products, but we can find the malicious Visual Basic scripts in a later part of the file:
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 23:53.
Find Us




Windows 10 Forums