'Critical' Microsoft Office hack uses fake Word documents to install malware

A new exploit, reported by McAfee, uses trick Microsoft Office files to install malware on a user's machine and can bypass existing protection methods.


Microsoft Office users beware: A new exploit is using fake versions of Office files—like Word documents—to install malware on a victim's computer. The attack was first detailed in a report from McAfee, which also offered steps that business users could take to protect themselves.

According to the report, the attacks started in January and leverage a vulnerability that hadn't yet been disclosed. The hack affects all versions of Office, the report noted, including the latest version of Office 2016 on Windows 10.

The problem starts when a user is sent a fake Word document from the attacker. Once the user tries to open the file, a malicious HTML application is downloaded from the attacker's server and is then executed as an .hta file (disguised as an RTF document), giving the hacker full code execution on the victim's computer, the report noted.


"Thus, this is a logical bug, and gives the attackers the power to bypass any memory-based mitigations developed by Microsoft," the McAfee report said.

Once the damage is done, a fake Word document is shown to the user, but at that point it is too late—malware is already installed on the machine. According to the report, the vulnerability lies in the Windows Object Linking and Embedding (OLE) feature in Office. As noted by our sister site, ZDNet, Microsoft is planning a patch for the vulnerability on Tuesday, April 11.

Until then, it is important that users protect themselves. McAfee's report offered the following two steps that users could take in light of this vulnerability:

  1. "Do not open any Office files obtained from untrusted locations."
  2. "According to our tests, this active attack cannot bypass the Office Protected View, so we suggest everyone ensure that Office Protected View is enabled."
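
One way to check McAfee's second recommendation on a workstation, as an added example (not code from McAfee, Microsoft or TechRepublic): the PowerShell below reads the per-user and policy registry values that switch Protected View triggers off for Word, Excel and PowerPoint. The version list and the choice of apps are assumptions made for illustration.

```powershell
# Added example: report Protected View state for the current user.
# Assumption: value 1 turns a Protected View trigger off; 0 or absent leaves
# it on (the Office default). A policy value overrides the user's own choice.
$versions = '14.0', '15.0', '16.0'   # Office 2010, 2013, 2016
$apps     = 'Word', 'Excel', 'PowerPoint'
$triggers = [ordered]@{
    DisableInternetFilesInPV   = 'Files from the Internet'
    DisableAttachmentsInPV     = 'Outlook attachments'
    DisableUnsafeLocationsInPV = 'Files in unsafe locations'
}
$roots = [ordered]@{                 # checked in order: policy wins
    Policy = 'HKCU:\Software\Policies\Microsoft\Office'
    User   = 'HKCU:\Software\Microsoft\Office'
}

function Get-ProtectedViewState {
    foreach ($ver in $versions) {
        foreach ($app in $apps) {
            # No per-user key: this app/version was never run by this user.
            if (-not (Test-Path "$($roots['User'])\$ver\$app")) { continue }
            foreach ($name in $triggers.Keys) {
                $value = 0; $source = 'Default'
                foreach ($scope in $roots.Keys) {
                    $key  = "$($roots[$scope])\$ver\$app\Security\ProtectedView"
                    $prop = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
                    if ($null -ne $prop) { $value = $prop.$name; $source = $scope; break }
                }
                [pscustomobject]@{
                    Office        = $ver
                    App           = $app
                    Trigger       = $triggers[$name]
                    Source        = $source
                    ProtectedView = if ($value -eq 1) { 'DISABLED' } else { 'Enabled' }
                }
            }
        }
    }
}

$state = @(Get-ProtectedViewState)
$state | Format-Table -AutoSize
$off = @($state | Where-Object ProtectedView -eq 'DISABLED')
if ($off.Count -gt 0) {
    Write-Warning "$($off.Count) Protected View trigger(s) are turned off."
}
```

Rows whose Source is Policy come from Group Policy and have to be corrected there; rows whose Source is User can be reset in each application's Trust Center.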

Malware continues to grow as a major security threat in the enterprise. Apple recently patched a mysterious malware known as Proton, and other "invisible" forms of malware have recently been found in Windows PowerShell and other testing tools. If you want some extra protection, check out some of these free anti-malware tools.

Malware can be expensive to fight, so it is crucial that organizations take steps to prevent it before it happens. Some companies, like IBM, are looking to artificial intelligence (AI) technologies like machine learning to help prevent cybercrime like phishing and malware.

The 3 big takeaways for TechRepublic readers

  1. A new Microsoft Office vulnerability allows attackers to use decoy Microsoft Word documents to install malware on a victim's computer.
  2. When the user attempts to open the file, a malicious .hta file is pulled from the attacker's server, which then loads and executes a malicious script.
  3. McAfee recommends not opening any files from untrusted sources, and utilizing Microsoft Office Protected View, until the patch is sent on Tuesday.

About Conner Forrest

Conner Forrest is a Senior Editor for TechRepublic. He covers enterprise technology and is interested in the convergence of tech and culture.
