Wednesday, 9 September 2015

Microsoft Office: Documents Install Backdoor Through Recent Office Leak

A recent vulnerability in Microsoft Office that in April was patched is already several weeks actively attacked and used to install a backdoor on Windows computers. A problem because many organizations install security updates for Microsoft Office or wait very long time here.

By opening a malicious document, an attacker could then install malware on the computer. A tactic that has been successfully applied. Last year made ​​the British anti-virus firm Sophos study (pdf) to the vulnerabilities that attackers use to this kind of attack. Two leaks, one from 2010 and one from 2012, was attacked by most of the malicious documents. Also from other surveys show that the vulnerability in 2012 the favorite target of attackers.

Although there is an update to the now attacked Office leak for about five months is available, the question is how many organizations have installed. Even before the patch Microsoft released the vulnerability was attacked. Early August saw Sophos, however, pass by a series of papers that try to take advantage of the leak. The documents have subjects like "WUPOS_update.doc", "ammendment.doc", "Information 2.doc" and "Anti-Money Laude Ring & Suspicious cases.doc".

In case the files are opened on an unpatched machine, the code in the document called Uwarrior install a backdoor on the computer. This allows the attackers full control over the machine. To prevent infection, managers and users are advised to patch Office and not to open unexpected or unsolicited documents. Last week warned IBM all e-mail attachments to make a comeback as an attack vector.

No comments:

Post a Comment