Monday, December 23
Shadow

Tag: Vulnerability

Critical Word 0-day is only 1 out of 3 Microsoft bugs under attack

Critical Word 0-day is only 1 out of 3 Microsoft bugs under attack

Technology
A zero-day code-execution vulnerability in Microsoft Office is one of three critical flaws under active attack in the wild, Microsoft warned Tuesday as it rolled out a batch of updates that plug the security holes. Further Reading Microsoft Word 0-day used to push dangerous Dridex malware on millions As reported earlier, attackers are exploiting the flaw to infect unsuspecting Word users with bank-fraud malware known as Dridex. Blog posts published Tuesday morning by security firms Netskope and FireEye reported that attackers are exploiting the same bug to install malware with the names Godzilla and Latenbot. Ryan Hanson, a researcher at security firm Optiv and the person Microsoft credited with reporting the critical bug, said exploits can execute malicious code even w...
Email-based attacks exploiting unpatched vulnerability in Microsoft Word

Email-based attacks exploiting unpatched vulnerability in Microsoft Word

Technology
Attackers have been exploiting an unpatched vulnerability in Microsoft Word for the past few months to compromise computers and infect them with malware. The first report about the attacks came Friday from antivirus vendor McAfee after the company's researchers analyzed some suspicious Word files spotted a day earlier. It turned out that the files were exploiting a vulnerability that affects "all Microsoft Office versions, including the latest Office 2016 running on Windows 10." The flaw is related to the Windows Object Linking and Embedding (OLE) feature in Microsoft Office that allows documents to embed references and links to other documents or objects, the McAfee researchers said in a blog post. When the rogue documents used in this attack are opened, they reach out to an exte...