Another Microsoft Office vulnerability has surfaced online that threatens most MS Office users. This time, the flaw is in MS Word, and it allows potential attackers to bypass all security measures when exploited. However, the vendor refused to patch this Microsoft Word bug despite having known about it for a long time.
Microsoft Word Bug Under Active Exploits
Researchers from Mimecast Research Labs have uncovered active exploitation of a Microsoft Word bug. They found that the vulnerability allows attackers to evade all security measures, such as antimalware, on the target system.
The flaw lies in the way Microsoft Word handles integer overflow errors in the OLE file format. The researchers found hackers actively exploiting the vulnerability, together with another memory corruption vulnerability (CVE-2017-11882) patched earlier, to take over systems. The group of hackers is allegedly from Serbia. They use specially crafted Microsoft Word documents to exploit the OLE vulnerability, thereby bypassing all security measures. As stated by Mimecast,
“The group was able to exploit this bug to circumvent many security solutions designed to protect data from infestation, including leading sandbox and anti-malware technologies.”
In the case analyzed by Mimecast, hackers allegedly dropped JACKSBOT malware onto the target systems. This malware allows the attackers to gain complete access to the victim machine. About the malware, the researchers state,
“Malware code reveals that it is capable of visiting URLs, creating files and/or folders, running shell commands, and executing and ending programs. It can also steal information by logging keystrokes and mouse events.”
The researchers have elaborated on the technical details of the exploit in their report.
No Patch From Microsoft
Upon discovering the exploit, Mimecast contacted Microsoft to inform them of the flaw. While Microsoft acknowledged the report, they allegedly refused to release a fix for now.
“Microsoft acknowledged it was unintended behavior, but declined to release a security patch at this time, as the issue on its own does not result in memory corruption or code execution. The issue may be fixed at a later date.”
Mimecast discovered and reported the vulnerability to Microsoft in May 2018. However, the flaw still persists, allowing hackers to keep actively exploiting it.