Security researchers over at McAfee have found that attackers are exploiting an unpatched vulnerability within Microsoft Office, which allows for full control to be taken of the victim’s PC.
Be careful when opening that next Word document you receive; it might become a gateway for cybercriminals to hack into your computer and install malware.
Security researchers over at security firm McAfee are warning Office users regarding a zero-day security flaw within the productivity suite, which has been used by criminals to attack unsuspecting people since January.
The firm recently detected suspicious Word documents packaged as .rtf files, which when executed, drop the malicious payload. The exploit works by connecting to a remote server controlled by the hackers, which will download a file containing HTML Application content. It will then run as a.hta file.
The file will now be responsible for giving the attacker full access to the victim’s machine. « This is a logical bug, and gives the attackers the power to bypass any memory-based mitigations developed by Microsoft », writes Haifei Li of McAfee.
Home
United States
USA — software Zero-day vulnerability within Microsoft Office lets attackers install malware