Alert! Microsoft Office Zero-Day Flaw being Exploited in the Wild

You are never completely safe from hacking attacks, but that doesn’t mean you should stop trying to protect yourself from cyber attacks.

Have you ever wondered whether the latest operating system, Windows 10, which Microsoft calls its most secure operating system to date, can be hacked with just a simple Microsoft Word document?

Security researchers at FireEye and McAfee have found a critical vulnerability that compromises almost all versions of Windows, including the latest, Windows 10, which Microsoft says is its most secure OS.

Earlier this week, on Friday (7th April 2017), Haifei Li, Senior Vulnerability Researcher at McAfee, revealed the severity of the vulnerability in his blog post.

The root cause of the zero-day vulnerability is related to the Windows Object Linking and Embedding (OLE), an important feature of Office, says Haifei Li.

The exploit works on all versions of Microsoft Office up to the latest one, and the flaw has not yet been patched.

How Does It Work?

The attack consists of a threat actor emailing the victim a Microsoft Word document with an embedded OLE2link object. When the user opens the document, winword.exe issues an HTTP request to a remote server to retrieve a malicious ‘.hta’ file, which appears as a fake RTF file. The Microsoft HTA application then loads and executes the malicious script, which terminates the winword.exe process, downloads additional payloads and loads a decoy document for the user to see.

In short, the exploit closes the bait document and displays a fake one to the victim, while the exploit is successfully installed on the system.

The vulnerability is so severe that it is capable of bypassing most of Microsoft’s mitigations.

FireEye also disclosed details of the vulnerability the day after McAfee’s blog post was published. However, the researcher said that FireEye’s email and network products detect the malware.
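For defenders who want to triage a suspicious attachment for the embedded OLE2link object described above, the following is an added example, not code from the original article or from McAfee or FireEye. It assumes the document is an RTF file whose embedded objects are hex-encoded after the `\objdata` control word and that the link target is stored as a UTF-16LE URL; `scan_rtf` and `build_sample` are hypothetical names, and the sample input is constructed and inert.

```python
import re

# Hex payload following the RTF \objdata control word; whitespace may be interleaved.
OBJDATA_RE = re.compile(rb"\\objdata\s*([0-9A-Fa-f\s]+)")
# http(s) URL stored as UTF-16LE (assumption about how the link target is serialized).
URL16_RE = re.compile(
    rb"h\x00t\x00t\x00p\x00(?:s\x00)?:\x00/\x00/\x00(?:[\x21-\x7e]\x00)+")


def scan_rtf(data):
    """Return one finding per embedded object whose decoded data names OLE2Link."""
    findings = []
    for m in OBJDATA_RE.finditer(data):
        hexstr = re.sub(rb"\s+", b"", m.group(1))
        if len(hexstr) % 2:
            hexstr = hexstr[:-1]  # tolerate a truncated final nibble
        blob = bytes.fromhex(hexstr.decode("ascii"))
        if b"OLE2Link" not in blob:
            continue  # some other embedded object class; not what we look for
        # The remote location the link would fetch from is the useful indicator.
        urls = [u.decode("utf-16-le") for u in URL16_RE.findall(blob)]
        findings.append({"offset": m.start(), "urls": urls})
    return findings


def build_sample(class_name=b"OLE2Link"):
    """Constructed, inert input: an RTF shell whose object data only contains
    a class-name string and a placeholder URL (not a working object)."""
    blob = (b"\x01\x05\x00\x00\x02\x00\x00\x00" + class_name + b"\x00"
            + "http://example.invalid/decoy.rtf".encode("utf-16-le")
            + b"\x00\x00")
    hexed = blob.hex().encode("ascii")
    hexed = hexed[:40] + b"\r\n" + hexed[40:]  # line break inside the hex run
    return b"{\\rtf1{\\object{\\*\\objdata " + hexed + b"}}}"


if __name__ == "__main__":
    for f in scan_rtf(build_sample()):
        print("OLE2Link object at offset", f["offset"], "->", f["urls"])
```

A document that breaks up the hex run with extra control words will not match this simple pattern, so an empty result is not proof that a file is clean.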

Patches Expected

The patch for the vulnerability is likely to be released by April 12th (Tuesday). Until then, users are requested not to click on suspicious links and are advised not to download files from unknown sources. Users can also enable Office Protected View, as the malware doesn’t work when it is enabled.

Apart from that, users are requested to keep their antivirus programs updated.