Hackers Use New Zero-Day Word Exploit In Targeted Attack - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Software // Enterprise Applications

Hackers Use New Zero-Day Word Exploit In Targeted Attack

Hackers used the vulnerability, which was confirmed Wednesday, to launch an attack against two employees at the same company earlier this month.

Hackers have already used a new zero-day flaw in Microsoft Word to launch targeted attacks against a specific company.

The vulnerability, which is a buffer overflow problem, affects Office 2000 and Office XP, according to Dave Marcus, a security research manager for McAfee Avert Labs. McAfee received a copy of the exploit from one of its antivirus users, says Marcus. It sent it to Microsoft on Feb. 9, and Microsoft confirmed on Wednesday that it is a new zero-day vulnerability.

This makes about half a dozen zero-day vulnerabilities to plague Microsoft Word since the beginning of January, notes Marcus.

Hackers used the then-unknown vulnerability to launch an attack against two employees at the same company earlier this month. "It was used in an extremely targeted attack," says Marcus, who wouldn't name the company, the industry it's in, or the type of work the employees do. "The attack was based on the role of the people being targeted. It was that targeted, that surgical."

Marcus adds that the attack, which wasn't successful, was aimed at stealing both personal and corporate information. "This is the Holy Grail of exploits," he says.

In the advisory that Microsoft posted online Wednesday night, analysts explain that a user has to open a malicious Office file attachment, such as a Word document, in an e-mail. If the file is opened, a Trojan or bot is downloaded onto the victim's computer, leaving it open for remote access, according to Marcus. The infected machine then could be used as a zombie, or part of a botnet, to send out spam or launch denial-of-service attacks.

The vulnerability was discovered recently, and it wasn't fixed in Microsoft's Patch Tuesday release, which included 12 patches and covered 20 vulnerabilities. In its advisory, Microsoft stated that it's working on a patch for the vulnerability.

Marcus says McAfee analysts haven't seen the exploit for this vulnerability circulating in the wild.

"It comes down to the fact that this is, essentially, how the bad guys try to steal data," he says. "They take the application and continually pound it to try to find vulnerabilities, and then they work on exploiting it. It's another zero-day, and we'll have plenty more of them later this year. The bad guys have gotten very effective at analyzing the code, and they keep doing it."

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
COVID-19: Using Data to Map Infections, Hospital Beds, and More
Jessica Davis, Senior Editor, Enterprise Apps,  3/25/2020
Enterprise Guide to Robotic Process Automation
Cathleen Gagne, Managing Editor, InformationWeek,  3/23/2020
How Startup Innovation Can Help Enterprises Face COVID-19
Joao-Pierre S. Ruth, Senior Writer,  3/24/2020
White Papers
Register for InformationWeek Newsletters
Current Issue
IT Careers: Tech Drives Constant Change
Advances in information technology and management concepts mean that IT professionals must update their skill sets, even their career goals on an almost yearly basis. In this IT Trend Report, experts share advice on how IT pros can keep up with this every-changing job market. Read it today!
Flash Poll