Hackers Baiting Victims With Word Docs: McAfee

Computer viruses come in many forms. McAfee reported on Friday that it had identified a potential zero-day threat for Microsoft Office users.

The security firm detected a vulnerability in Microsoft Office and Word that lets hackers deliver malware to a user’s computer through a Word document. Files are delivered as rich text files with a .doc extension. When users open the file, they’re connected to a remote server, which downloads an HTML file.

That content is “disguised as a normal RTF file to evade security products, but we can find the malicious Visual Basic scripts in a later part of the file,” according to McAfee.

All versions of Office are susceptible to this attack, McAfee found, including the latest version of Office on Windows 10. The problem is rooted in object linking and embedding in Office.

A Microsoft spokesperson said by email that the vulnerability “was addressed in the April security update release today, April 11, 2017, with CVE-2017-0199. Customers who applied the update, or have automatic updates enabled, are already protected.”

In addition to making sure they’re running the most updated version of Microsoft and following the usual guidance about not opening files from unfamiliar sources, McAfee found the attack isn’t able to bypass Office’s Protected View mode, and recommended users make sure it’s enabled when opening files.

--- Read On Cybersecurity, Clients Have a Lot to Learn on ThinkAdvisor.

Reprints Discuss this story
We welcome your thoughts. Please allow time for your contribution to be approved and posted. Thank you.