Posted on April 17th, 2017 at 03:26
The exploit appears in a Word doc attached to an email message. When you open the doc, it has an embedded link that retrieves an executable HTML file which looks like an RTF file. Apparently, all of that happens automatically.
The downloaded file loads a decoy that looks like a document, so the user thinks they’re looking at a doc. It then stops the Word program to hide a warning that would normally appear because of the link.
Very clever. It works on all versions of Windows, including Win10. It works on all versions of Office, including Office 2016.
Good overview by Dan Goodin at Ars Technica.
Technical analysis by Genwei Jiang at FireEye:
FireEye shared the details of the vulnerability with Microsoft and has been coordinating for several weeks public disclosure timed with the release of a patch by Microsoft to address the vulnerability. After recent public disclosure by another company, this blog serves to acknowledge FireEye’s awareness and coverage of these attacks.
Likely cause of the rush to disclose from Haifei Li at McAfee.
- Do not open any Office files obtained from untrusted locations.
- According to our tests, this active attack cannot bypass the Office Protected View, so we suggest everyone ensure that Office Protected View is enabled.
More details in my InfoWorld Woody on Windows post.
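One way to check the Protected View recommendation above on a Windows PC, as an added example that is not from the original post or from McAfee. The registry paths and value names are Word's Trust Center settings, which the page does not list, and the script only covers Word for the current user.

```powershell
# Added example: report whether Word's Protected View has been switched off
# for the current user. A value of 1 disables Protected View for that source;
# a missing value or 0 leaves the default (enabled) in place.
# Assumption: registry paths and value names below are not given on the page.
$versions = '14.0', '15.0', '16.0'          # Office 2010, 2013, 2016
$settings = [ordered]@{
    DisableInternetFilesInPV   = 'files from the Internet'
    DisableAttachmentsInPV     = 'Outlook attachments'
    DisableUnsafeLocationsInPV = 'files in unsafe locations'
}
$roots = 'HKCU:\Software\Policies\Microsoft\Office',   # set by Group Policy
         'HKCU:\Software\Microsoft\Office'             # set in the Trust Center

$findings = foreach ($ver in $versions) {
    foreach ($root in $roots) {
        $key = "$root\$ver\Word\Security\ProtectedView"
        if (-not (Test-Path $key)) { continue }
        foreach ($name in $settings.Keys) {
            # A missing value yields $null here, which is treated as "not disabled".
            $v = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
            if ($v -eq 1) {
                [pscustomobject]@{
                    OfficeVersion = $ver
                    Key           = $key
                    Value         = $name
                    Effect        = "Protected View OFF for $($settings[$name])"
                }
            }
        }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize -Wrap
    Write-Warning 'Word Protected View is disabled for at least one source.'
} else {
    'No Protected View overrides found for Word: the defaults (enabled) are in effect.'
}
```

Run it as the user whose Office profile you want to check; any row it prints is a source for which Protected View has been turned off and should be re-enabled.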
Posted on November 6th, 2013 at 22:01
It’s really hard to figure out what’s going on, based on the official docs, but once you put it together, it ain’t half bad.
Chances are good this won’t bite you, but it’s worth knowing about.
InfoWorld Tech Watch