Word vulnerability exploited to send Dridex malware to millions

Word vulnerability exploited to send Dridex malware to millions

Word vulnerability exploited to send Dridex malware to millions

A zero-day code-execution vulnerability in Microsoft Office is one of three critical flaws under active attack in the wild, Microsoft warned Tuesday as it rolled out a batch of updates that plug the security holes.

The.hta file enables the attacker to gain full administrator rights on the victim's machine.

Documents opened with the word processing software may trick users into downloading code that allows cyber criminals to infect their computer and capture banking logins.

Microsoft says it is patching the zero day vulnerability in its ubiquitous Office suite of software applications revealed last week by McAfee. This is done by exploiting vulnerabilities under the Windows Object Linking and Embedding (OLE) feature of Microsoft Office.

The attack can not be activated if people open the documents in Office's protected view, McAfee said.

A security company has found Australians were specifically targeted with malware that exploits a bug in Microsoft Word to steal users' banking details.

There is now no patch for this bug, however, Microsoft is expected to release a fix within its next round of security updates tomorrow. While Microsoft works on a patch, McAfee recommends not opening any Office files obtained from untrusted sources, and also enabling Office Protected View.

Here's what was (apparently) being said between Jose Mourinho and Michael Carrick
The visitors put the game to bed less than a minute into the second half as Henrikh Mkhitaryan squeezed one past Jordan Pickford. The Argentinian goalkeeper seemed fairly strong in his first Premier League start since joining the club a couple of years past.

Microsoft has been quick off the mark to release a patch for the vulnerability, which also affected Office 2016.

Microsoft has said they will patch the flaw today.

The malware can be disguised as important files or documents sent over email, meaning a student's homework or an office presentation could be harboring the next attack.

"The successful exploit closes the bait Word document, and pops up a fake one to show the victim", the McAfee researchers said. This flaw potentially can be exploited by attackers to take complete control of a system running a vulnerable deployment of the framework.

Microsoft is scheduled to release its monthly security updates on Tuesday, but it's not clear if a patch for this vulnerability will be included.

Proofpoint researchers claim that now the vulnerability is being exploited in malicious documents delivered by email to millions of PC users across different organizations, primarily based in Australia. Also, it is vital to ensure Protected View is enabled, as the attack can not bypass the security feature.

From the list, click Open in Protected View. Proofpoint also disclosed that the malware was called Dridex, a unsafe banking malware that exploits Microsoft Office and once the computer is infected, it steals banking information of the user.

Recommended News

  • Burger King ad triggers Google Home

    Burger King ad triggers Google Home

    Burger King did not immediately respond to a question asking whether the company had any concerns about angering consumers. In the 15-second clip, a BK employee says that he doesn't have enough time to name all of the ingredients in a Whopper.
    National Football League  investigating Marquette King, Marshawn Lynch for 'violation of gambling policy'

    National Football League investigating Marquette King, Marshawn Lynch for 'violation of gambling policy'

    With the news of the Raiders' eventual move to Vegas, this won't be the only time the NFL's gambling policy is tested. Pittsburgh Steelers linebacker James Harrison and retired running back Marshawn Lynch were billed as team coaches.

    Fed minutes reveal debate over inflation and Trump

    Crude oil futures eased from one-month highs on Wednesday after a surprising build in USA oil inventories. Indeed, some analysts said the Fed might need to take stronger steps to end its stimulus campaign.
  • Iran warns United States not to repeat attack on Syria

    On Thursday, U.S. forces launched 59 Tomahawk missiles at the Shayrat air base, which U.S. There was no immediate comment from Moscow on McCain's statement.
    Musa will still play for Leicester, says Shakespeare

    Musa will still play for Leicester, says Shakespeare

    Albrighton scored Leicester's second goal from a free kick in the 10th minute, sending the ball into the top right corner. Who is definitely out for Everton? Wes Morgan is expected to return to defence although he will face a late fitness test.
    North Korea blasts US strikes on Syria, says justify nukes: state media

    North Korea blasts US strikes on Syria, says justify nukes: state media

    The North has conducted five nuclear tests, including two previous year , and test-fired almost 30 ballistic missiles in defiance of U.N.
  • Featured Stock to See: BlackBerry Limited (BBRY)

    Several hedge funds and other institutional investors have recently made changes to their positions in the stock . BlackBerry Limited (BBRY) has 537.98 Million shares outstanding and 530.23 Million shares were floated in market.

    Garcia wins first major in dramatic playoff

    He had a double bogey on the par-4 third hole and could never recover. "And I hit probably one of the best putts I hit all week". Most different about Garcia is that he made it easy to root against him, blaming everything but his own shots and missed putts.

    South Africa's new finance minister vows 'radical' change

    On Saturday, Gigaba promised to transform the South African economy and said he was aware of the lack of trust in the country. But his sacking may now persuade investors and voters that South Africa is heading towards fiscal and political instability.
  • Once opposed to intervention, Trump says he can be flexible

    Once opposed to intervention, Trump says he can be flexible

    As a candidate and private citizen, Trump cast Syria's civil war as a quagmire from which the United States should steer clear. We targeted fuel reserves, aircraft, and did not target chemical weapons storages", he said.

    California elementary school shooting: 2 adults, 1 student dead

    Our Lady of the Assumption Church, at 796 W. 48th St., will host the vigil at 6 p.m., San Bernardino Mayor Carey Davis said. As the buses pulled away, some parents raced frantically alongside, waving and trying to recognize their children inside.

    Rare baby giraffe born at England zoo

    A GoFundMe page set up for April , giraffe father Oliver and their calf has raised more than $100,000 out of a goal of $50,000. And it's almost as many as the 33 million who viewed the Oscars this year.

We are pleased to provide this opportunity to share information, experiences and observations about what's in the news.
Some of the comments may be reprinted elsewhere in the site or in the newspaper.
Thank you for taking the time to offer your thoughts.