MS Office Zero Day – Another Exploit

There has been a new Zero-Day MS Office exploit in the wild.  All users are vulnerable, including fully patched Windows 10 computers.

The exploit does not even require macros to be enabled making this much more serious than before.  The vulnerability is in the Object Linking and Embedding (OLE).

A RTF format file contains an embedded OLE2link object which tells Word to contact a remote server and download an executable .HTA file, which in turn download additional payloads, restarts word and shows a decoy document.

We are hoping a patch will be issued quickly to mitigate this attack-vector.

Here is some more information:

http://www.theregister.co.uk/2017/04/09/microsoft_word_ole_bug/

https://www.helpnetsecurity.com/2017/04/10/ms-office-zero-day/

Please remind your users to be extra careful when opening or running attachments.

Fort Systems Ltd.

 

About the Author