|
|
Joined: Apr 2010
Posts: 15,864
Campfire Ranger
|
OP
Campfire Ranger
Joined: Apr 2010
Posts: 15,864 |
In the hacking and security world there is a term called a "zero day" vulnerability. A zero day is when a vulnerability is discovered either by a hacker or by a security professional, and the developer of the software was not aware of it, and has not had time to patch it. Yesterday a zero day vulnerability was discovered in Microsoft Office. Microsoft has not yet released a patch for this. Security companies are aware and developing safeguards. Make sure you keep your security software up to date and accept and apply any updates Microsoft puts out. This will likely come in a Windows update package. Hopefully this will be resolved today. Microsoft Zero Day Information Attackers are exploiting a previously undisclosed vulnerability in Microsoft Word, which security researchers say can be used to quietly install different kinds of malware -- even on fully-patched computers.
Unlike most document-related vulnerabilities, this zero-day bug that has yet to be patched doesn't rely on macros -- in which Office typically warns users of risks when opening macro-enabled files.
Instead, the vulnerability is triggered when a victim opens a trick Word document, which downloads a malicious HTML application from a server, disguised to look like a Rich Text document file as a decoy. The HTML application meanwhile downloads and runs a malicious script that can be used to stealthily install malware.
Researchers at McAfee, who first reported the discovery on Friday, said because the HTML application is executable, the attacker can run code on the affected computer while evading memory-based mitigations designed to prevent these kinds of attacks.
Both McAfee and FireEye -- the latter of which posted a similar report Saturday but said it had held off on a public disclosure while it was coordinating a response with Microsoft -- agreed on the cause of the vulnerability. The issue relates to the Windows Object Linking and Embedding (OLE) function, which allows an application to link and embed content to other documents, according to researchers. The Windows OLE feature is used primarily in Office and Windows' in-built document viewer WordPad, but has been the cause of numerous vulnerabilities over the past few years.
The researchers recently focused a Black Hat talk on the Windows OLE attack surface.
The bug can be exploited on all versions of Office, including the latest Office 2016 running on Windows 10, and have spotted attacks in the wild since January.
A Microsoft spokesperson confirmed that the company will issue a fix for the bug on Tuesday as part of its monthly release of security fixes and patches.
"Our Constitution was made only for a moral and religious people. It is wholly inadequate to the government of any other." - John Adams
Turdlike, by default.
|
|
|
|
|
Joined: May 2003
Posts: 31,273 Likes: 7
Campfire 'Bwana
|
|
Campfire 'Bwana
Joined: May 2003
Posts: 31,273 Likes: 7 |
All the more reason to use Open Office.
Cleverly disguised as a responsible adult.
|
|
|
|
|
Joined: Apr 2010
Posts: 15,864
Campfire Ranger
|
|
OP
Campfire Ranger
Joined: Apr 2010
Posts: 15,864 |
All the more reason to use Open Office. That is a great Office Suite. I also highly endorse Libre Office. Either one will do everything Microsoft can do, and then some. Plus, they're free!
"Our Constitution was made only for a moral and religious people. It is wholly inadequate to the government of any other." - John Adams
Turdlike, by default.
|
|
|
|
|
Joined: Feb 2001
Posts: 50,635
Campfire Kahuna
|
|
Campfire Kahuna
Joined: Feb 2001
Posts: 50,635 |
All the more reason to use Open Office. That is a great Office Suite. I also highly endorse Libre Office. Either one will do everything Microsoft can do, and then some. Plus, they're free! Agreed! And they are not constantly changing basic functions without merit. I despise Word for that.
Mark Begich, Joaquin Jackson, and Heller resistance... Three huge reasons to worry about the NRA.
|
|
|
|
|
180 members (907brass, 17CalFan, 2500HD, 10gaugemag, 257_X_50, 22 invisible),
2,042
guests, and
1,071
robots. |
|
Key:
Admin,
Global Mod,
Mod
|
|
|
Forums81
Topics1,192,502
Posts18,490,503
Members73,972
| |
Most Online11,491
Jul 7th, 2023
|
|
|
|
