Microsoft Issues Promised Patch for Office Zero-Day Exploit | eWeek

Microsoft Patches Critical Zero-Day Exploit in Office Suite

Microsoft Patches Critical Zero-Day Exploit in Office Suite
Verfasst von
Pedro Hernandez
Pedro Hernandez
Apr 11, 2017
2 minute read
eWeek Inhalte und Produktempfehlungen sind redaktionell unabhängig. Wir können Geld verdienen, wenn Sie auf Links zu unseren Partnern klicken. Mehr erfahren

As promised, Microsoft released a patch today that fixes a zero-day vulnerability in Office that cyber-attackers were already exploiting.

Word of the vulnerability spread just prior to the weekend when McAfee security researchers published an advisory on the cyber-security company’s blog. The vulnerability was traced to the Windows Object Linking and Embedding (OLE) component present in Office software that enables users to link to content in their documents.

“The exploit connects to a remote server (controlled by the attacker), downloads a file that contains HTML application content, and executes it as an .hta file. Because .hta is executable, the attacker gains full code execution on the victim’s machine,” stated McAfee.

This tactic allows the attack to appear as a logical flaw, enabling it to slip past Microsoft’s memory-based mitigation technologies, the post explained. The zero-day attack involved RTF (Rich Text Format) files with a .doc file extension that effectively appear as Word files to Office users.

When contacted by eWEEK’s Sean Michael Kerner, a Microsoft spokesperson said a patch was set to arrive on April 11. “Meanwhile, we encourage customers to practice safe computing habits online, including exercising caution before opening unknown files and not downloading content from untrusted sources to avoid this type of issue,” the spokesperson advised.

Today, Microsoft confirmed to eWEEK that it had patched the flaw. “This was addressed in the April security update release today, April 11, 2017. Customers who applied the update, or have automatic updates enabled, are already protected,” said a Microsoft spokesperson.

Details on the patch are available in this security advisory (CVE-2017-0199) from Microsoft, which also confirms McAfee’s claim that an exploit is in the wild. The vulnerability carries a Critical severity rating, Microsoft’s highest, for several versions of Office going back to Office 2007 SP3.

Microsoft’s Office productivity software suite is a popular target for cyber-attackers, due in large part to its ubiquity in the corporate world.

Business users regularly trade Office files via email, a fact that cyber-attackers rely on for their spam and phishing campaigns. “As Microsoft Office is an extensively used productivity suite on Windows desktop computers, this actively attacked vulnerability poses a big concern,” said Amol Sarwate, director of Engineering at Qualys, in an email sent to eWEEK.

“Exploitation of this vulnerability requires that a user open or preview a specially crafted file with an affected version of Office or WordPad. [Attackers] could accomplish this by sending a specially crafted file to the user and then convincing the user to open the file,” continued Sarwate. “We recommend administrators patch this as soon as possible.”

Sarwate also suggested that organizations enable the Protected View feature in Office, a read-only view, of sorts, that disables functionally that malware typically hooks into during an attack. Despite enabling Protected view, users should remain vigilant.

“Even when Protected View is enabled users should take extreme precaution while opening files obtained from un-trusted sources or while opening unexpected e-mail even from trusted sources as they could be spoofed,” Sarwate added.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Eigentum von TechnologyAdvice. © 2026 TechnologyAdvice. Alle Rechte vorbehalten

Werbetreibenden-Offenlegung: Einige der auf dieser Website erscheinenden Produkte stammen von Unternehmen, von denen TechnologyAdvice eine Vergütung erhält. Diese Vergütung kann beeinflussen, wie und wo Produkte auf dieser Website erscheinen, einschließlich beispielsweise der Reihenfolge, in der sie erscheinen. TechnologyAdvice schließt nicht alle Unternehmen oder alle auf dem Marktplatz verfügbaren Produkttypen ein.