Hacking News m

Published on April 11th, 2017 | 1,864 views Post Views

Zero Day Vulnerability Found In Microsoft

Security Companies McAfee and FireEye detects Microsoft Zero-day Bug in Office 2016 which is running on Windows 10.

A scenario of this Zero day vulnerability attack is Malicious document file E-mailing to victim contains an embedded OLE2link object, when the victim opens the attachment document file winword.exe contacts a remote server over HTTP request to retrieve a malicious .hta file appears as a fake RTF file.

FireEye email and network products detect the malicious documents as: Malware.Binary.Rtf.

The Microsoft HTA application loads and executes the malicious script. In both observed documents the malicious script terminated the winword.exe process, downloaded additional payload(s), and loaded a decoy document for the user to see. The original winword.exe process is terminated in order to hide a user prompt generated by the OLE2link.

Screenshot by McAfee

Once the exploits connected remotely, it downloads a file that contains HTML application content and executes it in .hta file. Because .hta is executable, the attacker gains full code execution on the victim’s machine.

McAfee said in the blog, The root cause of the zero-day vulnerability is related to the Windows Object Linking and Embedding (OLE), an important feature of Office. (Check our Black Hat USA 2015 presentation, in which we examine the attack surface of this feature.)

How to Protect?

Do not open any document file from unknown E-mail.

Currently, this vulnerability is not patched yet. Microsoft is working on this Bug and will be updated once it patches.

Share on Facebook0Share on Google+0Tweet about this on TwitterShare on Reddit0Email this to someonePrint this pageShare on StumbleUpon0Digg thisPin on Pinterest0Share on LinkedIn0












Leave a Reply

Your email address will not be published. Required fields are marked *

Back to Top ↑

You Might Also Like:
inforfinder – Tool To Collect Information Of Any Domains Pointing At Some Server (Ip, Domain, Range, File)

nforfinder is a tool made to collect information of any domain pointing at a server (ip,domain,range,file). Requires python libs: pyRequests...

Close