This represents the first malware distribution campaign exploiting the newly discovered Microsoft Word zero-day vulnerability.
McAfee and FireEye posted blogs revealing the attack, which, as these things so often do, starts with a malicious email attachment.
McAfee said "the attacker gains full code execution on the victim's machine".
As the means through which cyber-attackers stole more than £20m, it had been mentioned in 2015. It will then proceed to download more malicious payloads from various "well-known malware families", subsequently closing the original Word file that was weaponized for the attack. It even shows a fake Word document to hide the attack from the victim. The root cause lies in an important Office feature known as Object Linking and Embedding (OLE). The security researchers who discovered this vulnerability say that it differs from other Word exploits seen in the past because it does not require the user to enable macros.
A Microsoft spokesperson has confirmed that the company will offer a patch to rectify the issue, which will be available on Tuesday as part of the software giant's monthly release of updates. They further added, "In the background, the malware has already been furtively installed on the system of the victim".
McAfee told users not to open any Office files obtained from untrusted sources, especially from emails.
Security researchers at FireEye said that they also recently detected malicious Microsoft Office Rich Text Format (RTF) documents that leverage a previously undisclosed vulnerability.
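A mail-gateway style triage check for the delivery vector described above, RTF attachments carrying OLE objects. This is an added example, not code from McAfee, FireEye or Microsoft; the function name, the action labels and the sample byte strings are constructed for illustration.

```python
import re

# Word opens RTF content whatever the file extension says, so the check
# is on the leading bytes of the body, not on the attachment name.
RTF_MAGIC = rb"{\rt"

# RTF control words that introduce or configure an OLE object.
# The lookahead stops "\object" from matching inside a longer control word.
OLE_CONTROLS = re.compile(
    rb"\\(objautlink|objupdate|objlink|objemb|objdata|object)(?![a-z])"
)

def triage_attachment(data: bytes) -> dict:
    """Flag RTF bodies that contain OLE object control words.

    The action labels are hypothetical; map them to whatever the mail
    pipeline actually supports (quarantine, strip, open in a sandbox).
    """
    if not data.lstrip().startswith(RTF_MAGIC):
        return {"is_rtf": False, "ole_controls": [], "action": "other-scanners"}
    found = sorted({m.group(1).decode() for m in OLE_CONTROLS.finditer(data)})
    action = "quarantine-for-review" if found else "deliver"
    return {"is_rtf": True, "ole_controls": found, "action": action}

# Constructed samples: inert RTF skeletons, no payload and no URL.
SAMPLE_WITH_OLE = (
    rb"{\rtf1\ansi{\object\objemb{\*\objclass Package}"
    rb"{\*\objdata 0105000002000000}}}"
)
SAMPLE_PLAIN_RTF = rb"{\rtf1\ansi Quarterly report, text only.}"
SAMPLE_NOT_RTF = b"PK\x03\x04 constructed zip-like header"

if __name__ == "__main__":
    for name, body in [("with-ole", SAMPLE_WITH_OLE),
                       ("plain-rtf", SAMPLE_PLAIN_RTF),
                       ("not-rtf", SAMPLE_NOT_RTF)]:
        print(name, triage_attachment(body))
```

A match means only that the document embeds or links an OLE object, which legitimate files also do, so the result is a reason to hold the message for review rather than proof of an exploit.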
A hole in Microsoft's defenses is, in general, bad enough, but malware that can infect users of every supported version of the MS Office products is just devastating. "As Microsoft Office is an extensively used productivity suite on Windows desktop computers, this actively attacked vulnerability poses a big concern", said Amol Sarwate, director of Engineering at Qualys, in an email sent to eWEEK.
McAfee said it identified the attacks on Thursday and chose to release its advisory immediately, which appeared late on Friday. Also, the attack cannot bypass Protected View in Word, so McAfee suggested enabling this view mode when opening documents just to be sure. An agreement was made to release information about the vulnerability only after a patch was devised. To enable Office Protected View in your application, launch Microsoft Word.