It seems that the trend for exploiting vulnerabilities around the same time as Patch Tuesday continues. "Exploit Wednesday" this week saw an exploit targeting a just-patched Word vulnerability making its rounds.
Symantec reports that the vulnerability is now being exploited in more widespread attacks. Malformed Word documents doing the rounds contain shell code and three pieces of malware. The malware package is unusual in that it was created using the Word for Macintosh format instead of the standard Windows (OLE) format.
Detection against the malware — dubbed the Mdropper-Z Trojan — has been added to Symantec's security software. It also detected the separate malware files contained in the payload of the maliciously constructed word files as Trojan-Dropper, Backdoor-Trojan, and Hacktool-Rootkit.
Note that Microsoft Office 2007 and Microsoft Office 2003 SP3 are not affected by this exploit. You can read the full Symantec report here.
Paul Mah is a writer and blogger who lives in Singapore, where he has worked for a number of years in various capacities within the IT industry. Paul enjoys tinkering with tech gadgets, smartphones, and networking devices.