Candlelites

Everything from Everywhere

microsoft fixes 'critical' office word security flaw under active attack

microsoft fixes 'critical' office word security flaw under active attack News Article With The full text news. The Resource Link is down the post and you can View this News Article in the source page.



microsoft fixes 'critical' office word security flaw under active attack

microsoft has rolled out a patch for a previously undisclosed vulnerability in microsoft office, which if exploited could allow an attacker to install malware on fully-patched computers.the company rolled out the fix as part of its regularly scheduled patch tuesday.in its security advisory, microsoft said the "critical"-rated bug could allow an attacker to take control of an affected system, such as install programs and creating new accounts with full user rights.news of the vulnerability spilled out over the weekend.unlike some office-related malware, attackers don't need to use macros. instead, the vulnerability, which relates to the windows object linking and embedding (ole) function, is triggered when a victim opens a trick word document, which downloads a malicious html application from a server, disguised to look like a rich text document file as a decoy. the html application meanwhile downloads and runs a malicious script that can be used to stealthily install malware.the vulnerability has been known about since early january, when security researchers observed attackers exploiting the flaw. microsoft said the bug affects all supported versions of office and some versions of windows.security firm proofpoint also observed the exploit being used in a large-scale email campaign to distribute the dridex malware, usually targeting banks and financial institutions, to several unnamed organizations primarily in australia and elsewhere. if exploited, the malware installs dr...