12:58 PM

Hackers Use New Zero-Day Word Exploit In Targeted Attack

Hackers used the vulnerability, which was confirmed Wednesday, to launch an attack against two employees at the same company earlier this month.

Hackers have already used a new zero-day flaw in Microsoft Word to launch targeted attacks against a specific company.

The vulnerability, which is a buffer overflow problem, affects Office 2000 and Office XP, according to Dave Marcus, a security research manager for McAfee Avert Labs. McAfee received a copy of the exploit from one of its antivirus users, says Marcus. It sent it to Microsoft on Feb. 9, and Microsoft confirmed on Wednesday that it is a new zero-day vulnerability.

This makes about half a dozen zero-day vulnerabilities to plague Microsoft Word since the beginning of January, notes Marcus.

Hackers used the then-unknown vulnerability to launch an attack against two employees at the same company earlier this month. "It was used in an extremely targeted attack," says Marcus, who wouldn't name the company, the industry it's in, or the type of work the employees do. "The attack was based on the role of the people being targeted. It was that targeted, that surgical."

Marcus adds that the attack, which wasn't successful, was aimed at stealing both personal and corporate information. "This is the Holy Grail of exploits," he says.

In the advisory that Microsoft posted online Wednesday night, analysts explain that a user has to open a malicious Office file attachment, such as a Word document, in an e-mail. If the file is opened, a Trojan or bot is downloaded onto the victim's computer, leaving it open for remote access, according to Marcus. The infected machine then could be used as a zombie, or part of a botnet, to send out spam or launch denial-of-service attacks.

The vulnerability was discovered recently, and it wasn't fixed in Microsoft's Patch Tuesday release, which included 12 patches and covered 20 vulnerabilities. In its advisory, Microsoft stated that it's working on a patch for the vulnerability.

Marcus says McAfee analysts haven't seen the exploit for this vulnerability circulating in the wild.

"It comes down to the fact that this is, essentially, how the bad guys try to steal data," he says. "They take the application and continually pound it to try to find vulnerabilities, and then they work on exploiting it. It's another zero-day, and we'll have plenty more of them later this year. The bad guys have gotten very effective at analyzing the code, and they keep doing it."
