Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
Search
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    Microsoft Patches Critical Zero-Day Exploit in Office Suite

    By
    Pedro Hernandez
    -
    April 11, 2017
    Share
    Facebook
    Twitter
    Linkedin

      As promised, Microsoft released a patch today that fixes a zero-day vulnerability in Office that cyber-attackers were already exploiting.

      Word of the vulnerability spread just prior to the weekend when McAfee security researchers published an advisory on the cyber-security company’s blog. The vulnerability was traced to the Windows Object Linking and Embedding (OLE) component present in Office software that enables users to link to content in their documents.

      “The exploit connects to a remote server (controlled by the attacker), downloads a file that contains HTML application content, and executes it as an .hta file. Because .hta is executable, the attacker gains full code execution on the victim’s machine,” stated McAfee.

      This tactic allows the attack to appear as a logical flaw, enabling it to slip past Microsoft’s memory-based mitigation technologies, the post explained. The zero-day attack involved RTF (Rich Text Format) files with a .doc file extension that effectively appear as Word files to Office users.

      When contacted by eWEEK’s Sean Michael Kerner, a Microsoft spokesperson said a patch was set to arrive on April 11. “Meanwhile, we encourage customers to practice safe computing habits online, including exercising caution before opening unknown files and not downloading content from untrusted sources to avoid this type of issue,” the spokesperson advised.

      Today, Microsoft confirmed to eWEEK that it had patched the flaw. “This was addressed in the April security update release today, April 11, 2017. Customers who applied the update, or have automatic updates enabled, are already protected,” said a Microsoft spokesperson.

      Details on the patch are available in this security advisory (CVE-2017-0199) from Microsoft, which also confirms McAfee’s claim that an exploit is in the wild. The vulnerability carries a Critical severity rating, Microsoft’s highest, for several versions of Office going back to Office 2007 SP3.

      Microsoft’s Office productivity software suite is a popular target for cyber-attackers, due in large part to its ubiquity in the corporate world.

      Business users regularly trade Office files via email, a fact that cyber-attackers rely on for their spam and phishing campaigns. “As Microsoft Office is an extensively used productivity suite on Windows desktop computers, this actively attacked vulnerability poses a big concern,” said Amol Sarwate, director of Engineering at Qualys, in an email sent to eWEEK.

      “Exploitation of this vulnerability requires that a user open or preview a specially crafted file with an affected version of Office or WordPad. [Attackers] could accomplish this by sending a specially crafted file to the user and then convincing the user to open the file,” continued Sarwate. “We recommend administrators patch this as soon as possible.”

      Sarwate also suggested that organizations enable the Protected View feature in Office, a read-only view, of sorts, that disables functionally that malware typically hooks into during an attack. Despite enabling Protected view, users should remain vigilant.

      “Even when Protected View is enabled users should take extreme precaution while opening files obtained from un-trusted sources or while opening unexpected e-mail even from trusted sources as they could be spoofed,” Sarwate added.

      Avatar
      Pedro Hernandez
      Pedro Hernandez is a contributor to eWEEK and the IT Business Edge Network, the network for technology professionals. Previously, he served as a managing editor for the Internet.com network of IT-related websites and as the Green IT curator for GigaOM Pro.

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      eWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      Zeus Kerravala - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      Wayne Rash - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Information

      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×