A new zero-day attack exploits a flaw in Microsoft Word to infect fully patched devices with malware.

This method of infection was announced by FireEye, a security firm that published a blog post about it this Saturday. Apparently, the attack starts with an email that arrives with an infected Word document attached. Once the document is opened, exploit code inside it connects to a server controlled by the attacker. Next, a malicious HTML application is downloaded, disguised to look like a document in Microsoft’s Rich Text Format. Under the surface, the malware downloads other malware and spreads the infection even further.

This is not a new kind of attack, but the method is different and important for several reasons. First, it can bypass almost all exploit mitigations, which is especially alarming because it lets the attack work against pretty much any system, including Windows 10, Microsoft’s most secure system so far. Second, unlike previous attacks that tried to exploit Word flaws, it does not require targets to enable macros. Finally, before the attack ends, a new Word document is opened in order to hide the fact that an attack just took place.

The attacks were first reported by security firm McAfee around Friday night, in a blog post describing them.

FireEye has stated that it has been discussing the flaw with Microsoft for several weeks and had held off publishing so that Microsoft would have time to work on a patch. After McAfee released details about the flaw, however, FireEye decided to publish its own blog post.

The earliest attack that McAfee’s researchers managed to discover dates back to January, and the security update is supposed to be released this Tuesday.

So far, zero-day attacks have mostly been used against individuals known to work for a government agency, contractor or similar organization that is attractive to cyber criminals. However, once a vulnerability becomes public knowledge, attacks of this sort are known to start targeting a much wider population.

The only advice that can be given in this type of situation is to be extra careful about documents that arrive by email, even if the sender is known to you. Office also has a feature called Protected View, and the attacks were unable to work when the document was opened in it. Other ways of opening potentially infected documents have not been confirmed as safe.
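A triage check for the disguise described earlier, where a downloaded HTML application is made to look like a Rich Text Format document. This is an added example, not code from FireEye, McAfee or Microsoft. The markers, verdict names and sample files are assumptions constructed for illustration, and a hit means "inspect further", not "malicious".

```python
import re

# Constructed heuristics for illustration; not indicators from the vendor reports.
RTF_MAGIC = b"{\\rtf"  # a genuine RTF file starts with these five bytes
SCRIPT_MARKERS = re.compile(rb"<\s*(script|hta:application|html)\b", re.IGNORECASE)
DOC_EXTENSIONS = (".rtf", ".doc")
SUSPICIOUS = ("rtf-with-script", "script-named-rtf")


def classify(name, data):
    """Return 'rtf', 'rtf-with-script', 'script-named-rtf' or 'other'."""
    looks_rtf = data.lstrip()[:5].lower() == RTF_MAGIC
    has_script = SCRIPT_MARKERS.search(data) is not None
    if looks_rtf and has_script:
        # RTF header up front, HTML/script content behind it.
        return "rtf-with-script"
    if name.lower().endswith(DOC_EXTENSIONS) and has_script and not looks_rtf:
        # Document extension, but the body is an HTML application.
        return "script-named-rtf"
    return "rtf" if looks_rtf else "other"


def triage(files):
    """Map file name -> verdict for every file that needs a closer look."""
    flagged = {}
    for name, data in files.items():
        verdict = classify(name, data)
        if verdict in SUSPICIOUS:
            flagged[name] = verdict
    return flagged


# Constructed sample files: inert text only, no working payload.
SAMPLES = {
    "letter.rtf": b"{\\rtf1\\ansi Quarterly figures attached.}",
    "template.rtf": b"{\\rtf1\\ansi constructed filler}\n"
                    b"<html><script language=\"VBScript\">\n"
                    b"' constructed placeholder, no payload\n"
                    b"</script></html>",
    "invoice.rtf": b"<html><head><hta:application id=\"x\"></head></html>",
    "archive.zip": b"PK\x03\x04 constructed",
}

if __name__ == "__main__":
    for name, verdict in triage(SAMPLES).items():
        print(f"{name}: {verdict}")
```

A legitimate RTF document that merely quotes HTML in its text will also be flagged, so treat the output as a queue for manual review.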
