Saturday, Apr 27, 2024 | Last Update : 07:51 AM IST
Microsoft patches serious Word bug targeted by scammers
The flaw is known to affect most or all Windows versions of Word
Microsoft has stated that the bug in Word which was allegedly being used to try and steal banking logins will be patched. The bug, or as called “zero-day” vulnerabilities was previously undetected was reported over the weekend.
Then on April 10, cybersecurity firm Proofpoint announced that it had discovered an email campaign targeting the bug which was aimed to allocate Dridex malware.
In a report by ArsTechnica it has been stated that, “the vulnerability is notable because it bypasses exploit mitigations built into Windows, doesn't require targets to enable macros, and works even against Windows 10, which is widely considered Microsoft's most secure operating system ever.
The flaw is known to affect most or all Windows versions of Word, but so far no one has ruled out that exploits might also be possible against Mac versions. Researchers from security firms McAfee and FireEye warned that the malicious Word documents are being attached to e-mails, but didn't reveal the scope or ultimate objective of the campaign.
The flaw discovered in many versions of MS Word for Windows could allow malicious software, including Dridex, to be installed, according to cybersecurity researchers.
"During our testing (for example on Office 2010) the vulnerable system was fully exploited," wrote Proofpoint researchers in a blog.
"We plan to address this through an update on Tuesday April 11, and customers who have updates enabled will be protected automatically," said a Microsoft spokesman.
"Meanwhile we encourage customers to practise safe computing habits online, including exercising caution before opening unknown files and not downloading content from untrusted sources to avoid this type of issue."
Proofpoint also urged Microsoft Word users to install the security updates quickly.
"Because of the widespread effectiveness and rapid weaponisation of this exploit, it is critical that users and organisations apply the patch as soon as it becomes available," the firm said.
(source)
