Booby-trapped documents exploiting a critical zero-day vulnerability in Microsoft Word have been sent to millions of people around the world in a blitz aimed at installing Dridex, now one of the most unsafe bank fraud threats on the Internet. Targets are sent a Microsoft Word document that contains HTML application content executed as an.hta file, giving the attackers the ability to execute code on the targeted machine. They would have to click on "Enable Editing" before this can be done thanks to Microsoft Word's "Protected View" safety net for documents downloaded from the web or emails.
"The exploit works on all Microsoft Office versions, including the latest Office 2016 running on Windows 10", McAfee said in an advisory, adding it has seen exploits being carried out since late January. "New, exploitable vulnerabilities are often not readily available but, in this case, attackers obviously jumped at an opportunity to launch a large campaign that relied on this new exploit", he said. In the hours leading up to Microsoft releasing the patch, researchers found attacks using the vulnerability to spread the Dridex banking Trojan. Until Microsoft releases its patch, the only way to avoid being infected by the bug is to avoid email attachments from Microsoft Word.
Iran's Ahmadinejad registers to run for president
Ahmadinejad's populist approach and humble roots mean that he remains a popular figure among poorer sections of society. When asked why he had consistently denied intending to run in recent months, the former president reacted with a smile.
In the meantime, McAfee has warned users not to open Microsoft Office files obtained from untrusted sources.
Finally, a remote code execution vulnerability has been fixed in the Microsoft.NET Framework.
The ultimate solution here is to install Microsoft's patch as soon as possible.
Fox investigating sexual harassment claim against O'Reilly
He said people like him are "vulnerable to lawsuits" from individuals who wants him to pay them to avoid negative publicity. Walsh and her lawyer had a two-hour interview over the phone with four lawyers representing Fox News.
According to the researchers, a victim opening a suspicious Word file - embedded with an OLE2link object - in an email would trigger winword.exe to initiate an HTTP request to the attacker's remote server.
The vulnerability was first discovered by researchers at McAfee, who detailed the bug in more detail last Friday.
In both mentioned documents the malicious script stopped the winword.exe process, downloaded extra payload (s), and burdened a fake document for the user to view. The flaw allows attackers to bypass the exploit mitigations in even the most recent version of Windows. Also, the attack can not bypass the Protected View in Word, so McAfee suggested enabling this view mode when opening documents just to be sure.
Kate Middleton Visits Sister Pippa To Help With Wedding Preparations
Some say it's because Vogue's relationship with Pippa's future brother-in-law, Spencer Matthews, is so new. Kate looked chic and elegant on her floral print dress, which she matched with a pair of black heels.