Candlelites

Everything from Everywhere

researchers warns of a new zero-day microsoft office vulnerability

researchers warns of a new zero-day microsoft office vulnerability News Article With The full text news. The Resource Link is down the post and you can View this News Article in the source page.



researchers warns of a new zero-day microsoft office vulnerability

microsoft office users are under attack today from a zero-day vulnerability that is not set to be patched until april 11. security firm mcafee first publicly posted about the new zero-day vulnerability in microsoft word files on april 7, with security firm fireeye following with its own disclosure a day later on april 8.at this point, it's not entirely clear how many users may have already been exploited by the zero-day attack."we plan to address this through an update on tuesday, april 11, and customers who have updates enabled will be protected automatically," microsoft wrote in a statement sent to eweek. "meanwhile, we encourage customers to practice safe computing habits online, including exercising caution before opening unknown files and not downloading content from untrusted sources to avoid this type of issue."the issue, as described by mcafee and fireeye is found in microsoft office's word application, specifically linked to rich text format (rtf) documents. the vulnerability is present in all versions of microsoft office, including the latest office 2016 edition running on the windows 10 operating system. the actual vulnerability is a flaw in the windows object linking and embedding (ole) component that enables content to be linked inside of documents.further reading"the exploit connects to a remote server (controlled by the attacker), downloads a file that contains html application content, and executes it as an .hta file," mcafee explained in its disclos...