Microsoft fixes Word bug used to steal banking info

New zero-day exploit uses Word to hack your PC

This vulnerability was made public on Friday, but cybersecurity firm Proofpoint found that the zero-day was being exploited in an email marketing campaign.

The .hta file enables the attacker to gain full code execution on the victim's machine, bypassing any memory-based mitigation developed by Microsoft. It then downloads further malicious payloads from various "well-known malware families" and closes the original Word file that was weaponized for the attack.

The zero-day vulnerability affects multiple versions of Microsoft Office, including the most recent edition of Office 2016 running on Windows 10. The attack works by exploiting vulnerabilities in the Windows Object Linking and Embedding (OLE) feature of Microsoft Office. McAfee traced the attacks all the way back to late January.

Microsoft also released additional updates for vulnerabilities in its products overnight, as part of its monthly security updates. "Meanwhile, we encourage customers to practice safe computing habits online, including exercising caution before opening unknown files and not downloading content from untrusted sources to avoid this type of issue", the spokesperson advised. To the user, the HTA file appears as a Microsoft Rich Text document with a .doc extension.
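
A triage check for the disguise described above, where a file named .doc is really Rich Text carrying an OLE object. This is an added example, not code from Microsoft, Proofpoint, McAfee or FireEye; the function names and sample bytes are constructed for illustration, and the control words it searches for come from the RTF specification rather than from this article.

```python
import re

# File signatures. Word opens RTF content even when the file is named .doc.
RTF_MAGIC = b"{\\rt"
OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy binary .doc container
ZIP_MAGIC = b"PK\x03\x04"                       # .docx and other OOXML

# RTF control words (from the RTF specification) that embed or link OLE objects.
OLE_WORDS = re.compile(rb"\\(object|objemb|objlink|objautlink|objupdate|objdata)\b")
AUTO_WORDS = {"objautlink", "objupdate"}  # link object / update before display

def sniff_type(data: bytes) -> str:
    """Classify content by leading bytes, ignoring the file name."""
    head = data.lstrip()[:8]
    if head.startswith(RTF_MAGIC):
        return "rtf"
    if head.startswith(OLE2_MAGIC):
        return "ole2"
    if head.startswith(ZIP_MAGIC):
        return "zip"
    return "unknown"

def triage(filename: str, data: bytes) -> dict:
    """Return the real type and reasons an attachment deserves a closer look."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    kind = sniff_type(data)
    words = set()
    if kind == "rtf":
        words = {m.decode() for m in OLE_WORDS.findall(data)}
    findings = []
    if ext == "doc" and kind != "ole2":
        # A signal, not a verdict: some legitimate tools save RTF as .doc.
        findings.append(f"named .doc but content is {kind}")
    if words:
        findings.append("RTF carries OLE object: " + ", ".join(sorted(words)))
    if words & AUTO_WORDS:
        findings.append("OLE object is linked or updates without user action")
    return {"file": filename, "type": kind, "findings": findings}

# Constructed sample: an RTF skeleton with an empty auto-updating OLE link object.
SAMPLE_RTF = rb"{\rtf1\ansi{\object\objautlink\objupdate{\*\objdata 00}}}"

if __name__ == "__main__":
    for name, blob in [("invoice.doc", SAMPLE_RTF),
                       ("report.doc", OLE2_MAGIC + b"\x00" * 16),
                       ("notes.rtf", rb"{\rtf1\ansi plain text}")]:
        print(triage(name, blob))
```

A genuine binary .doc and a plain .rtf both return no findings, so the check isolates the mismatch between extension and content plus the presence of OLE objects.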




Multiple reports over the past few days have highlighted a serious security flaw in Microsoft Word which allows hackers to steal banking info.

Proofpoint researchers claim that the vulnerability is now being exploited in malicious documents delivered by email to millions of PC users across different organizations, primarily based in Australia. "Because of the widespread effectiveness and rapid weaponisation of this recent 0-day vulnerability, it is critical that users and organisations apply today's Microsoft patch as soon as possible", he says. "New, exploitable vulnerabilities are often not readily available but, in this case, attackers obviously jumped at an opportunity to launch a large campaign". Since then, fellow cybersecurity firm FireEye published another blog post about the same vulnerability, saying it had been withholding disclosure until Microsoft had a chance to fix the glitch. This is mainly because, according to McAfee, the malware cannot bypass the said Microsoft Office feature.

Phishing emails which claim to be from reputable financial organisations contain hidden software - created to exploit a newly discovered flaw in Microsoft Word.
