Woody Leonhard's no-bull news, tips and help for Windows, Office and more…
  • Booby-trapped Word documents in the wild exploit critical Microsoft 0day

    Posted on April 17th, 2017 at 03:26 woody

    The exploit appears in a Word doc attached to an email message. When you open the doc, it has an embedded link that retrieves an executable HTML file which looks like an RTF file. Apparently, all of that happens automatically.

    The downloaded file loads a decoy that looks like a document, so the user thinks they’re looking at a doc. It then stops the Word program to hide a warning that would normally appear because of the link.

    Very clever. It works on all versions of Windows, including Win10. It works on all versions of Office, including Office 2016.

    Good overview by Dan Goodin at Ars Technica.

    Technical analysis by Genwei Jiang at FireEye:

    FireEye shared the details of the vulnerability with Microsoft and has been coordinating for several weeks public disclosure timed with the release of a patch by Microsoft to address the vulnerability. After recent public disclosure by another company, this blog serves to acknowledge FireEye’s awareness and coverage of these attacks.

    Likely cause of the rush to disclose from Haifei Li at McAfee.

    McAfee’s recommendation:

    • Do not open any Office files obtained from untrusted locations.
    • According to our tests, this active attack cannot bypass the Office Protected View, so we suggest everyone ensure that Office Protected View is enabled.

    More details in my InfoWorld Woody on Windows post.

  • Deciphering Microsoft Security Advisory 2896666 on Word zero-day exploit

    Posted on November 6th, 2013 at 22:01 woody

    It’s really hard to figure out what’s going on, based on the official docs, but once you put it together, it ain’t half bad.

    Chances are good this won’t bite you, but it’s worth knowing about.

    InfoWorld Tech Watch