Close Close
Sign In
Newsletters
Popular Financial Topics Discover relevant content from across the suite of ALM legal publications From the Industry More content from ThinkAdvisor and select sponsors Investment Advisor Issue Gallery Read digital editions of Investment Advisor Magazine Tax Facts Get clear, current, and reliable answers to pressing tax questions
Luminaries Awards
Podcast Center Video Center Webcasts Resource Center Events
About ThinkAdvisor Contact Us Advertise With Us Asset & Logo Licensing Sitemap Terms of Service Privacy Policy Copyright © 2024 ALM Global, LLC. All Rights Reserved.
ThinkAdvisor

Financial Planning > UHNW Client Services > Family Office News

Hackers Baiting Victims With Word Docs: McAfee

By Danielle Andrus

X
Your article was successfully shared with the contacts you provided.

Computer viruses come in many forms. McAfee reported on Friday that it had identified a potential zero-day threat for Microsoft Office users.

The security firm detected a vulnerability in Microsoft Office and Word that lets hackers deliver malware to a user’s computer through a Word document. Files are delivered as rich text files with a .doc extension. When users open the file, they’re connected to a remote server, which downloads an HTML file.

That content is “disguised as a normal RTF file to evade security products, but we can find the malicious Visual Basic scripts in a later part of the file,” according to McAfee.

All versions of Office are susceptible to this attack, McAfee found, including the latest version of Office on Windows 10. The problem is rooted in object linking and embedding in Office.

A Microsoft spokesperson said by email that the vulnerability “was addressed in the April security update release today, April 11, 2017, with CVE-2017-0199. Customers who applied the update, or have automatic updates enabled, are already protected.”

In addition to making sure they’re running the most updated version of Microsoft and following the usual guidance about not opening files from unfamiliar sources, McAfee found the attack isn’t able to bypass Office’s Protected View mode, and recommended users make sure it’s enabled when opening files.

— Read On Cybersecurity, Clients Have a Lot to Learn on ThinkAdvisor.

NOT FOR REPRINT

© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.