Microsoft Office bug exposes users to malware that can be installed through Word documents

The vulnerability is yet to be fixed, and consumers should take extra precautions to protect themselves

Aatif Sulleyman
Monday 10 April 2017 12:00 EDT
McAfee has warned Office users against opening files from 'untrusted' sources (REUTERS/Lucy Nicholson)

Researchers have discovered a security vulnerability that exposes Microsoft Office users to malware.

The bug, which is yet to be fixed, affects all versions of Microsoft’s productivity suite, including Office 2016 for Windows 10.

The vulnerability was first revealed by McAfee researchers, though security experts at FireEye say they’ve been aware of it for several weeks and didn’t want to publicly disclose any details before Microsoft had managed to address the issue.

“The attack involves a threat actor emailing a Microsoft Word document to a targeted user with an embedded OLE2link object,” FireEye explains in a blog post.

“When the user opens the document, winword.exe issues a HTTP request to a remote server to retrieve a malicious .hta file, which appears as a fake [Rich Text Format] file. The Microsoft [HTML Application] loads and executes the malicious script.”

The bug relates to Microsoft Office’s Object Linking and Embedding (OLE) feature, and McAfee says the earliest such attack it has managed to detect took place in late January.

Microsoft is expected to fix the issue this week with the release of its next Patch Tuesday security update.

It's also preparing the introduction of the Windows 10 Creators Update, though users have the option to download the update before its official release.

For the time being, McAfee has warned Microsoft Office users against opening files from "untrusted" sources.

It also says the attack can’t bypass the Protected View in Office applications, so users should enable this while the bug can still be exploited.
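
One way to check that Protected View has not been switched off for Word is the PowerShell audit below. It is an added example, not code from the article, McAfee or FireEye. It assumes the per-user registry locations used by Office 2010 to 2016, and the function name `Get-WordProtectedViewState` is made up for this illustration.

```powershell
# Audit Word's Protected View settings for the current user (added example).
# A value of 1 turns Protected View OFF for that file category; a missing
# value or 0 leaves it ON, which is the Office default.
$settings = [ordered]@{
    DisableInternetFilesInPV   = 'Files originating from the internet'
    DisableAttachmentsInPV     = 'Outlook attachments'
    DisableUnsafeLocationsInPV = 'Files in potentially unsafe locations'
}
# Office version keys: 14.0 = 2010, 15.0 = 2013, 16.0 = 2016
$versions = '14.0', '15.0', '16.0'
# Group Policy values are checked first because they override the user's choice
$roots = 'HKCU:\Software\Policies\Microsoft\Office', 'HKCU:\Software\Microsoft\Office'

function Get-WordProtectedViewState {
    foreach ($version in $versions) {
        # Skip Office versions that have never been run under this profile
        if (-not (Test-Path "HKCU:\Software\Microsoft\Office\$version\Word")) { continue }
        foreach ($name in $settings.Keys) {
            $value = $null
            $source = 'not set (default)'
            foreach ($root in $roots) {
                $key = "$root\$version\Word\Security\ProtectedView"
                $prop = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
                if ($null -ne $prop) {
                    $value = $prop.$name
                    $source = $key
                    break
                }
            }
            [pscustomobject]@{
                OfficeVersion = $version
                Category      = $settings[$name]
                Setting       = $name
                ProtectedView = if ($value -eq 1) { 'DISABLED' } else { 'enabled' }
                Source        = $source
            }
        }
    }
}

Get-WordProtectedViewState | Format-Table -AutoSize
```

Any row reporting `DISABLED` means documents in that category open straight into editing mode; the setting can be turned back on under File > Options > Trust Center > Trust Center Settings > Protected View.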