A new zero-day flaw that affects all versions of Microsoft Word has been revealed, and researchers said the bug can be used to secretly install malware, even on fully patched machines. The exploit displays a bait Word document to the user while it downloads an additional payload in the background. It exploits a flaw in Windows' Object Linking and Embedding (OLE), an important feature of Office that lets users embed or link to other Office documents, such as spreadsheets or charts.
The attack cannot be activated if people open the documents in Office's Protected View, McAfee said.
The security company said it had been in contact with Microsoft about the vulnerability for several weeks, but did not publicly disclose any details until McAfee chose to reveal all in its blog post.
Microsoft is likely to release a security update along with its next batch of updates, scheduled for Tuesday this week. "Meanwhile, we encourage customers to practice safe computing habits online, including exercising caution before opening unknown files ... to avoid this type of issue". The effort seems to be the first to take advantage of the Microsoft vulnerability and has already been sent to millions of victims mostly in Australia.
Microsoft has said it will patch the flaw today. When the user opens the document, winword.exe issues an HTTP request to a remote server to retrieve a malicious .hta file, which appears as a fake RTF file. A Microsoft spokesman told the BBC: "We plan to address this through an update on Tuesday April 11, and customers who have updates enabled will be protected automatically". Also, users are urged to activate or enable Microsoft Office's Protected View.
So, if you receive a shady email message asking you to download the document and open it immediately.
The attack was capable of bypassing numerous mitigation systems built into Microsoft Office and Windows that were created to stop malicious files from executing.
"Exploitation of this vulnerability requires that a user open or preview a specially crafted file with an affected version of Office or WordPad". Since then, fellow cybersecurity firm FireEye published another blog post about the same vulnerability, saying it had been withholding disclosure until Microsoft had a chance to fix the glitch.
Everyone should ensure that Office Protected View is enabled, since according to McAfee's tests this active attack cannot bypass it.
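For defenders, the behaviour described above (winword.exe fetching an .hta file that poses as an RTF document) can be hunted for in web-proxy data. The following is an added example, not code from McAfee, FireEye or Microsoft; the record layout, the Office user-agent substrings, the `application/hta` content-type check and the sample records are all assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Assumptions (not from the article): Office user-agent substrings, the
# application/hta MIME type and the record layout are illustrative.
OFFICE_UA = re.compile(r"ms-office|Microsoft Office", re.I)
DOC_EXT = re.compile(r"\.(rtf|doc|docx)$", re.I)
SCRIPT_MARKERS = re.compile(rb"<\s*(script|hta:application)\b", re.I)
RTF_MAGIC = b"{\\rtf"

def findings(rec):
    """Return the reasons a proxy record looks like an HTA served as a document."""
    reasons = []
    if not OFFICE_UA.search(rec["user_agent"]):
        return reasons  # only requests issued by Office itself are in scope
    path = urlparse(rec["url"]).path
    body = rec["body"]
    if rec["content_type"].split(";")[0].strip().lower() == "application/hta":
        reasons.append("served as application/hta")
    if DOC_EXT.search(path) and SCRIPT_MARKERS.search(body):
        reasons.append("script markup inside document download")
    if path.lower().endswith(".rtf") and not body.lstrip().startswith(RTF_MAGIC):
        reasons.append("no RTF header in .rtf download")
    return reasons

# Constructed sample records (hosts use the reserved .example TLD).
SAMPLES = [
    {"user_agent": "Mozilla/4.0 (compatible; ms-office; MSOffice 16)",
     "url": "http://files.example/template.rtf",
     "content_type": "application/hta",
     "body": b"{\\rtf1 filler}\n<script language=\"VBScript\">' placeholder</script>"},
    {"user_agent": "Mozilla/4.0 (compatible; ms-office; MSOffice 16)",
     "url": "http://intranet.example/report.rtf",
     "content_type": "application/rtf",
     "body": b"{\\rtf1\\ansi Quarterly report}"},
    {"user_agent": "Mozilla/5.0 (Windows NT 10.0) Firefox/52.0",
     "url": "http://files.example/template.rtf",
     "content_type": "application/hta",
     "body": b"<script></script>"},
]

def scan(records):
    """Return (url, reasons) for every record with at least one finding."""
    return [(r["url"], why) for r in records if (why := findings(r))]

if __name__ == "__main__":
    for url, why in scan(SAMPLES):
        print(url, "->", "; ".join(why))
```

The script-marker test is a heuristic: a legitimate document that quotes HTML in its text can trigger it, so hits are leads for review, not verdicts.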