'Millions' of Microsoft Word users hit with banking virus exploiting unpatched vulnerability

'Millions' of Microsoft Word users hit with banking virus exploiting unpatched vulnerability

'Millions' of Microsoft Word users hit with banking virus exploiting unpatched vulnerability

McAfee and FireEye both released advisories warning of the attacks, which make use of an unusual technique that involves booby-trapped Word documents sent to unsuspecting victims.

Researchers at McAfee, who first reported the discovery Friday, said because the HTML application is executable, the attacker can run code on the affected computer while evading memory-based mitigations created to prevent these kinds of attacks.

An unpatched vulnerability in Microsoft Word is being exploited to forward Dridex malware to millions of unsuspecting users.

Critical vulnerabilities have also been patched in Hyper-V, Microsoft's virtualization hypervisor that's included in Windows Server 2008, 2012 and 2016, as well as in Windows 8.1 and 10.

Security researchers at McAfee were the first to publish information about the vulnerability, stating that the earliest attacks of this kind it has seen dates back to January this year.

The new vulnerability bug of Microsoft said to be a unsafe malware attack, according to McAfee anti-virus company.

In all, Microsoft released 15 updates on Tuesday patching dozens of individual flaws in software, including the Windows operating system, Exchange Server, and Adobe Flash.

In surprise move, Iran's Ahmadinejad to run for president
The former president's chances at recapturing the office, though, seem highly unlikely - at least from a qualifying standpoint. The council is typically responsible for disqualifying the majority of registrants for making it to the final candidates list.

A long, tearful road to a major for Sergio Garcia
Garcia has been plagued by self doubt in the majors and once said he did not have what it takes to be a major victor . He fell out of the race on the front nine by shooting a 38, then added two more bogeys and a double through 14.

Macron favorite in French election, Le Monde poll says
Far-left candidate Jean-Luc Melenchon, who has the backing of the Communists, rounds out the field. "Nationalism is war", he said. The final result of an election that is being watched closely around the world is still seen as highly unpredictable.

In its advisory, Microsoft notes, "A remote code execution vulnerability exists in the way that Microsoft Office and WordPad parse specially crafted files". However, Microsoft is aware of the vulnerability and we can expect a patch in the near future.

As soon as the file is opened, the PC downloads a file with HTML application, which enables the hackers to take over the victim's system entirely and access all its data. It allows applications to embed and link to documents and objects.

"The successful exploit closes the bait Word document, and pops up a fake one to show the victim".

But FireEye believes these attacks only began after the McAfee blog post and likely reverse engineered the vulnerability from the blog post. However, some users find Protected View noisome and disable it.

"This represents a significant level of agility and innovation for Dridex actors who have primarily relied on macro-laden documents attached to emails", said Proofpoint researchers, in an analysis of the offensive.

Enable Office Protected View since this attack can not bypass it.

"We want to deal with this through an upgrade on Tuesday April 11, and customers that have upgrades empowered will be protected mechanically", said a Microsoft spokesman.

Related news