Microsoft Word flaw was used in both espionage, crime since January

Microsoft Word flaw was used in both espionage, crime since January

A new zero-day flaw that affects all versions of Microsoft Word has been revealed and researchers said that the bug can be used to secretly install malware, even on fully patched machines. The exploit shows some bait Word document to the user while it's busy downloading extra payload in the background. It exploits a flaw in Windows' Object Linking and Embedding (OLE), an important feature of Office, which lets users embed or link to other Office documents, like spreadsheets or charts.

The attack can not be activated if people open the documents in Office's protected view, McAfee said.

The security company said it had been in contact with Microsoft about the vulnerability for several weeks, but did not publicly disclose any details until McAfee chose to reveal all in its blog post.

Elliott looking to oust AkzoNobel chairman
The activist investor, which holds a stake of 3.25% in Akzo, has said it would be responding to the allegations made by Akzo soon. Akzo's Dutch corporate structure gives its board wide latitude to control and block takeovers.

Microsoft is likely to release a security update along with its next batch of updates, scheduled for Tuesday this week. "Meanwhile, we encourage customers to practice safe computing habits online, including exercising caution before opening unknown files ... to avoid this type of issue". The effort seems to be the first to take advantage of the Microsoft vulnerability and has already been sent to millions of victims mostly in Australia.

Microsoft has said they will patch the flaw today. When the user opens the document, winword.exe issues a HTTP request to a remote server to retrieve a malicious.hta file, which appears as a fake RTF file. A Microsoft spokesman told the BBC: "We plan to address this through an update on Tuesday April 11, and customers who have updates enabled will be protected automatically". Also, users are urged to activate or enable Microsoft Office's Protected View.

So, if you receive a shady email message asking you to download the document and open it immediately.

Profile of U.S. Masters champion Garcia
American Rickie Fowler and Jimmy Walker led the way with just 1.51 putts per hole. "I don't have to answer that anymore", he said. Midway through day four it appeared the Spaniard, on his 74th attempt to win a major, was in the process of an epic capitulation.

The attack was capable of bypassing numerous mitigation systems built into Microsoft Office and Windows created to stop malicious files from executing.

"Exploitation of this vulnerability requires that a user open or preview a specially crafted file with an affected version of Office or WordPad". Since then, fellow cybersecurity firm FireEye published another blog about the same vulnerability, informing it had been withholding disclosure until Microsoft has had a chance to fix the glitch.

Everyone should ensure that Office Protected View is enabled, as according to McAfee's tests this active attack can not bypass the Office Protected View.

Trump drops China bashing during warm Xi summit
Bilateral trade reached 519.6 billion USA dollars previous year , with two-way investment exceeding 170 billion dollars. A senior administration official said Trump informed Xi about the strikes as their dinner concluded on Thursday night.

Related Articles

  • US 'Wants No Escalation With Russia', Looks for Dialogue

    US 'Wants No Escalation With Russia', Looks for Dialogue

    Trump, who questioned the USA commitment to North Atlantic Treaty Organisation during the campaign, also plans to discuss with Mr. Wednesday's meeting was the first in-person encounter for these leaders, but not their first time speaking.
    Lexington Realty Trust (LXP) Lowered to Sell at Zacks Investment Research

    Lexington Realty Trust (LXP) Lowered to Sell at Zacks Investment Research

    Zacks' earnings per share calculations are a mean average based on a survey of analysts that cover Healthcare Trust Of America. Lexington Realty Trust (NYSE:LXP) share price jumped at US$10.43 before falling back to end the trade at US$10.41 a share.
    Gas prices rising in northern New England

    Gas prices rising in northern New England

    Gas prices rise over the summer as more people hit the road to take advantage of the warmer weather and school breaks. Rochesterians will pay more at the gas pump if they plan to travel this holiday weekend, industry experts say.
  • Apple launches red iPhone 7 and 7Plus for AIDS fundraising campaign

    Apple launches red iPhone 7 and 7Plus for AIDS fundraising campaign

    It also features a high-definition video recording tool and two cameras, front and back, with outstanding low-light performance. The new RED iPhone 7 will be available available to purchase online worldwide and in Apple stores beginning Friday, March 24 .
    Uganda charges, jails academic for insulting the president

    Uganda charges, jails academic for insulting the president

    Some call her fearless , others call her immoral and vulgar, the prosecution in the current case has questioned her mental health. Stella Nyanzi was campaigning for sanitary pads for needy girls in Uganda up through her arrest after Friday's fundraiser.
    Hamilton relishing titanic battle with Vettel

    Hamilton relishing titanic battle with Vettel

    This led to the safety vehicle coming out on track to ruin Vettel's smart strategic move. He also won two of his three titles in last-race showdowns.
  • North Carolina bill rejects Supreme Court ruling legalizing gay marriage

    North Carolina bill rejects Supreme Court ruling legalizing gay marriage

    House Bill 780 , which was proposed by four North Carolina House Republicans, is titled the " Uphold Historical Marriage Act ". A bill introduced Tuesday claims that the nation's highest court overstepped its authority with its 2015 gay-marriage ruling.

    Iran's Ahmadinejad registers to run for president

    Ayatollah Khamenei ultimately calls the shots in Iran, where the president can only influence policy, not decide it. While Ahmadinejad described that directive as "only advice", his decision challenges Khamenei's authority.

    Chinese state media cheer Xi-Trump meeting, say confrontation not inevitable

    Trump had promised during the campaign to stop what he called the theft of American jobs by China. He also said that the United States goal is the North's denuclearization, not regime change.
  • Hungary's president signs bill aimed at Soros-founded school

    Hungary's president signs bill aimed at Soros-founded school

    Opposition parties were quick to criticize Ader, a Fidesz politician who was re-elected by lawmakers to a five-year term in March.
    Cotton dazzles as A's spoil Royals' home opener with 2-0 win

    Cotton dazzles as A's spoil Royals' home opener with 2-0 win

    Yost added, 'There's nothing that helps you prepare for something like this. 'It's still heartbreaking to a lot of guys'. In 93 starts in Kansas City, he went 38-31 with a 3.89 ERA and 1-2 with a 4.66 ERA in nine postseason starts.

    National homecoming for Arthur, new king of Aintree

    One for Arthur is trained by Lucinda Russell, whose stables at Milnathort have procuced hundreds of winners . Arthur just cruised that race, Derek rode so well and I'm just a bit lost for words really.