Woody Leonhard's no-bull news, tips and help for Windows, Office and more…
  • Booby-trapped Word documents in the wild exploit critical Microsoft 0day

    Posted on April 17th, 2017 at 03:26 woody

    The exploit appears in a Word doc attached to an email message. When you open the doc, it has an embedded link that retrieves an executable HTML file which looks like an RTF file. Apparently, all of that happens automatically.

    The downloaded file loads a decoy that looks like a document, so the user thinks they’re looking at a doc. It then stops the Word program to hide a warning that would normally appear because of the link.

    Very clever. It works on all versions of Windows, including Win10. It works on all versions of Office, including Office 2016.

    Good overview by Dan Goodin at Ars Technica.

    Technical analysis by Genwei Jiang at FireEye:

    FireEye shared the details of the vulnerability with Microsoft and has been coordinating for several weeks public disclosure timed with the release of a patch by Microsoft to address the vulnerability. After recent public disclosure by another company, this blog serves to acknowledge FireEye’s awareness and coverage of these attacks.

    Likely cause of the rush to disclose from Haifei Li at McAfee.

    McAfee’s recommendation:

    • Do not open any Office files obtained from untrusted locations.
    • According to our tests, this active attack cannot bypass the Office Protected View, so we suggest everyone ensure that Office Protected View is enabled.
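
One way to check the second recommendation on a given machine, as an added example that is not from the original post or from McAfee: a PowerShell audit of Word's Protected View settings for the current user. The registry paths and value names do not appear in the post; they are the ones Office uses for the three Trust Center Protected View checkboxes, and the version list (14.0 to 16.0, Office 2010 through 2016) is an assumption.

```powershell
# Added example: report any setting that turns Word's Protected View off.
# Assumption: Office 2010-2016 version keys. A value of 1 disables Protected
# View for that category; an absent value or 0 leaves the default (enabled).
$versions = '14.0', '15.0', '16.0'
$roots    = 'HKCU:\Software\Policies\Microsoft\Office',  # Group Policy, takes precedence
            'HKCU:\Software\Microsoft\Office'            # per-user Trust Center choice
$settings = [ordered]@{
    DisableInternetFilesInPV   = 'Files originating from the Internet'
    DisableAttachementsInPV    = 'Outlook attachments'   # spelled this way by Office
    DisableUnsafeLocationsInPV = 'Files in potentially unsafe locations'
}

$findings = foreach ($root in $roots) {
    foreach ($ver in $versions) {
        $key = "$root\$ver\Word\Security\ProtectedView"
        if (-not (Test-Path -LiteralPath $key)) { continue }

        $props = Get-ItemProperty -LiteralPath $key
        foreach ($name in $settings.Keys) {
            $data = $props.$name            # $null when the value is not set
            if ($null -ne $data -and $data -ne 0) {
                [pscustomobject]@{
                    Key     = $key
                    Value   = $name
                    Data    = $data
                    Meaning = "Protected View is OFF for: $($settings[$name])"
                }
            }
        }
    }
}

if ($findings) {
    $findings | Format-List
    Write-Warning 'Protected View is disabled for at least one category.'
} else {
    'No Protected View overrides found; Word defaults (enabled) apply for this user.'
}
```

Run it as the logged-on user, since both locations are under HKCU; a hit under the Policies key means the setting is being pushed by Group Policy rather than chosen in the Trust Center.
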

    More details in my InfoWorld Woody on Windows post.
