Recently we reported about a critical code execution vulnerability in Microsoft Word that was being exploited in the wild by cyber criminal groups to distribute malware like Dridex banking trojans and Latentbot.
Now, it turns out that the same previously undisclosed vulnerability in Word (CVE-2017-0199) was also actively being exploited by the government-sponsored hackers to spy on Russian
Besides a previously undisclosed code-execution flaw in Microsoft Word, the tech giant patches two more zero-day vulnerabilities that attackers had been exploiting in the wild for months, as part of this month’s Patch Tuesday.
In total, Microsoft patches 45 unique vulnerabilities in its nine products, including three previously undisclosed vulnerabilities under active attack.
The first
If you are a regular reader of The Hacker News, you might be aware of an ongoing cyber attack — detected in the wild by McAfee and FireEye — that silently installs malware on fully-patched computers by exploiting an unpatched Microsoft Word vulnerability in all current versions of Microsoft Office.
Now, according to security firm Proofpoint, the operators of the Dridex malware started
It’s 2017, and opening a simple MS Word file could compromise your system.
Security researchers are warning of a new in-the-wild attack that silently installs malware on fully-patched computers by exploiting a serious — and yet unpatched — zero-day vulnerability in all current versions of Microsoft Office on fully-patched PCs.
The Microsoft Office zero-day attack, uncovered by researchers
Microsoft has released 16 security bulletins on Tuesday resolving a total of 44 security holes in its software, including Windows, Office, Exchange Server, Internet Explorer and Edge.
Five bulletins have been rated “critical” that could be used to carry out remote code execution and affected: Windows, Internet Explorer (IE), Edge (the new, improved IE), Microsoft Office and Office services;
Researchers at Kaspersky Lab have identified six APT groups using exploits for a Microsoft Office flaw that was patched in September 2015.
Microsoft released six critical vulnerabilities in addition to patching the much-hyped Badlock vulnerability.
Do you deal with MS Word files on the daily basis?
If yes, then are you aware that even opening a simple doc file could compromise your system?
It is a matter to think that the virus does not directly affect you, but it is you who let the virus carry out the attack by enabling deadly “Macros” to view the doc contents that are generally on eye-catching subjects like bank invoice.
How
A phishing campaign that spiked this week is pushing the Dridex banking Trojan via malicious macros embedded in XML file attachments.