'Millions' of Microsoft Word users hit with banking virus exploiting unpatched vulnerability

'Millions' of Microsoft Word users hit with banking virus exploiting unpatched vulnerability

'Millions' of Microsoft Word users hit with banking virus exploiting unpatched vulnerability

McAfee and FireEye both released advisories warning of the attacks, which make use of an unusual technique that involves booby-trapped Word documents sent to unsuspecting victims.

Researchers at McAfee, who first reported the discovery Friday, said because the HTML application is executable, the attacker can run code on the affected computer while evading memory-based mitigations created to prevent these kinds of attacks.

An unpatched vulnerability in Microsoft Word is being exploited to forward Dridex malware to millions of unsuspecting users.

Critical vulnerabilities have also been patched in Hyper-V, Microsoft's virtualization hypervisor that's included in Windows Server 2008, 2012 and 2016, as well as in Windows 8.1 and 10.

Security researchers at McAfee were the first to publish information about the vulnerability, stating that the earliest attacks of this kind it has seen dates back to January this year.

The new vulnerability bug of Microsoft said to be a unsafe malware attack, according to McAfee anti-virus company.

In all, Microsoft released 15 updates on Tuesday patching dozens of individual flaws in software, including the Windows operating system, Exchange Server, and Adobe Flash.

Peter Capaldi knew his time was up in Doctor Who
Pearl - who plays Bill Potts in the new series - looked visibly shocked as she turned to Fern, who was biting her lip awkwardly. In the end, any Doctor Who story has such catastrophe going on in it, that he could be the one that gets the rock on his head.

North Korea calls US strikes on Syria 'unforgivable'
Proud mother Ivanka Trump, and her husband Jared Kushner, a close aide to President Trump, put the video on social media. This stands in great contrast with the strident Russian condemnation and denial of facts on the chemical attack itself.

Trump tells newspaper Obama aide might have broken the law
Ben Rhodes dismissed the controversy swirling around Rice over the "unmasking" of Trump officials in intelligence reports. On Wednesday, she said of Trump's comments, "I'm not going to dignify the president's ludicrous charge with a comment".

In its advisory, Microsoft notes, "A remote code execution vulnerability exists in the way that Microsoft Office and WordPad parse specially crafted files". However, Microsoft is aware of the vulnerability and we can expect a patch in the near future.

As soon as the file is opened, the PC downloads a file with HTML application, which enables the hackers to take over the victim's system entirely and access all its data. It allows applications to embed and link to documents and objects.

"The successful exploit closes the bait Word document, and pops up a fake one to show the victim".

But FireEye believes these attacks only began after the McAfee blog post and likely reverse engineered the vulnerability from the blog post. However, some users find Protected View noisome and disable it.

"This represents a significant level of agility and innovation for Dridex actors who have primarily relied on macro-laden documents attached to emails", said Proofpoint researchers, in an analysis of the offensive.

Enable Office Protected View since this attack can not bypass it.

"We want to deal with this through an upgrade on Tuesday April 11, and customers that have upgrades empowered will be protected mechanically", said a Microsoft spokesman.

Related news