Office discovered zero vulnerabilities hackers can use the Word document to install malicious software-vulnerability warning-the black bar safety net

2017-04-14T00:00:00
ID MYHACK58:62201785247
Type myhack58
Reporter 佚名
Modified 2017-04-14T00:00:00

Description

According to foreign media reports, recently a period of time, you when opening a Word document may have to be careful because the security company MCAfee researchers in Microsoft Office software found in a zero vulnerabilities, hackers can use it quietly in your computer system to install malicious software.

This zero vulnerability with a Word document related to, hackers exploit this vulnerability by Word document download disguised as a rich text document of a malicious HTML application. Once the program is executed, it will connect to the remote server and run a custom script, quietly in the user's computer to install malicious software.

This attack is way with the common macro invasion is different in the open macro document, the Office generally will issue a warning, but this attack is very hidden, the user is difficult to prevent.

This vulnerability is by McAfee researchers discovered them last Friday disclosed this vulnerability a lot of detailed information. After that, the network security firm FireEye published an article with this vulnerability is related to the blog article, it says they have been hidden and not hair, this vulnerability information until Microsoft a chance to fix this vulnerability.

However, these security companies have pointed out that this problem with Windows object linking and relocation(OLE function related. Over the past few years also found that some of the functions related to the vulnerability.

According to the researchers say all versions of Office are the existence of this vulnerability, the Windows 10 version of Office 2016 is no exception.

Fortunately, a Microsoft spokesperson has confirmed to the company in 4 December 11 December release of the monthly security upgrade fixes this vulnerability.

McAfee recommends that, in the use of the security upgrade to fix this vulnerability before, the user is best to protected mode to run the Office software, in addition do not easily open from the untrusted source Office document.