Watch out for infected Word documents, there's a new zero-day exploit

Posted on Monday, Apr 10 2017 @ 12:21 CEST by Thomas De Maesschalck
MS logo
It may pay to be suspicious of Word documents you receive via the Internet as there's a new zero-day exploit that affects most or all versions of Word. Security experts warn malware creators are actively abusing the vulnerability, it allows the infection of fully-patched Windows 10 systems and at the moment there's no security update to plug the hole. What's remarkable about the attack is that it bypasses most exploit mitigation and also the fact that it doesn't require macro support to be enabled.

Victims are not made aware of the attack as the exploit opens a decoy Word document to hide any sign of infection. McAfee security researchers claim the earliest attacks date back to January. It's unknown if Microsoft will patch the bug tomorrow on Patch Tuesday. In the meantime, users are advised to ignore suspicious Word documents or to open them in Protected View:
People should be highly suspicious of any Word document that arrives in an e-mail, even if the sender is well known. The attacks observed by McAfee are unable to work when a booby-trapped document is viewed in an Office feature known as Protected View. Those who choose to open an attached Word document should exercise extreme caution before disabling Protected View. There's no word yet if use of Microsoft's Enhanced Mitigation Experience Toolkit prevents the exploit from working.

About the Author

Thomas De Maesschalck

Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.

Loading Comments