Microsoft Word 0day used to push dangerous Dridex malware

jmke · 11th April 2017, 09:57

Booby-trapped documents exploiting a critical zeroday vulnerability in Microsoft Word have been sent to millions people around the world in a blitz aimed at installing Dridex, currently one of the most dangerous bank fraud threats on the Internet.

Booby-trapped Word documents in the wild exploit critical Microsoft 0day
As Ars reported on Saturday, the vulnerability is notable because it bypasses exploit mitigations built into Windows, doesn't require targets to enable macros, and works even against Windows 10, which is widely considered Microsoft's most secure operating system ever. The flaw is known to affect most or all Windows versions of Word, but so far no one has ruled out that exploits might also be possible against Mac versions. Researchers from security firms McAfee and FireEye warned that the malicious Word documents are being attached to e-mails, but didn't reveal the scope or ultimate objective of the campaign.

https://arstechnica.com/security/201...e-on-millions/

11th April 2017, 09:57	#1
jmke Madshrimp Join Date: May 2002 Location: 7090/Belgium Posts: 79,022	Microsoft Word 0day used to push dangerous Dridex malware Booby-trapped documents exploiting a critical zeroday vulnerability in Microsoft Word have been sent to millions people around the world in a blitz aimed at installing Dridex, currently one of the most dangerous bank fraud threats on the Internet. Booby-trapped Word documents in the wild exploit critical Microsoft 0day As Ars reported on Saturday, the vulnerability is notable because it bypasses exploit mitigations built into Windows, doesn't require targets to enable macros, and works even against Windows 10, which is widely considered Microsoft's most secure operating system ever. The flaw is known to affect most or all Windows versions of Word, but so far no one has ruled out that exploits might also be possible against Mac versions. Researchers from security firms McAfee and FireEye warned that the malicious Word documents are being attached to e-mails, but didn't reveal the scope or ultimate objective of the campaign. https://arstechnica.com/security/201...e-on-millions/ __________________

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Microsoft Word for Windows version 1.1a source code	Stefan Mileschin	WebNews	0	29th December 2016 08:03
How to Reverse a Numbered or Bulleted List in Microsoft Word	Stefan Mileschin	WebNews	0	25th June 2016 20:29
Why are PDF Files Generated by Microsoft Word so Large?	Stefan Mileschin	WebNews	0	9th October 2015 12:20
Microsoft makes source code for MS-DOS and Word 1.1 public	Stefan Mileschin	WebNews	0	27th March 2014 07:45
Macros Explained: Why Microsoft Office Files Can Be Dangerous	Stefan Mileschin	WebNews	0	12th September 2013 07:27
Dangerous IE 8 exploit remains unfixed by Microsoft, instead users are urged to upgra	Stefan Mileschin	WebNews	0	7th May 2013 09:13
Microsoft Surface Pro mSATA SSD Upgrade: Dangerous but Successful	Stefan Mileschin	WebNews	0	18th February 2013 09:19
Microsoft ordered to stop selling Word	jmke	WebNews	0	12th August 2009 21:19
Microsoft Issues Zero-Day Attack Alert For Word	jmke	WebNews	0	6th December 2006 11:46
Goodbye Microsoft Word - Hello Google Writely	jmke	WebNews	1	11th October 2006 10:15