Over the weekend McAfee revealed they had discovered a new attack which uses Word files attached to emails to deploy malware to the recipient’s machine. While this method of delivery is nothing new, there are a couple of details which make this attack particularly scary:
- This attack doesn’t rely on macros (as we’ve seen in most MS Office-based malware) and as such doesn’t need macros to be enabled. Instead, it uses an OLE vulnerability.
- The attack is effective on fully patched Windows 10 machines and Office 2016 installations.
Thankfully it does appear that Protected View in Word is effective in preventing the attack, assuming the user doesn’t enable editing (or hasn’t disabled Protected View entirely).
This is why educating users about the potential risks and how to minimise them is vital. In the battle to defend your business, they are on the front lines, and a little knowledge can go a long way. Specifically, in this case, users need to understand they should never open attachments that aren’t from trusted sources, or even ones from trusted sources if they aren’t expected or appear suspicious in any way.
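Alongside user education, the Protected View condition mentioned above can be checked per machine. The following PowerShell audit is an added example, not part of the original post; it assumes Office 2016 (registry version key 16.0) and reads only the current user's hive, using the standard Word Trust Center value names.

```powershell
# Added example: audit Word Protected View settings for the current user.
# A value of 1 for any Disable*InPV setting means Protected View is switched
# off for that file source; missing values mean the default (enabled) applies.
$version  = '16.0'   # assumption: Office 2016; change for other Office versions
$settings = [ordered]@{
    DisableInternetFilesInPV   = 'Files downloaded from the Internet'
    DisableAttachmentsInPV     = 'Outlook attachments'
    DisableUnsafeLocationsInPV = 'Files in potentially unsafe locations'
}
# Group Policy values are checked first because they override the user's
# own Trust Center choices.
$paths = @(
    "HKCU:\Software\Policies\Microsoft\Office\$version\Word\Security\ProtectedView",
    "HKCU:\Software\Microsoft\Office\$version\Word\Security\ProtectedView"
)

function Get-ProtectedViewState {
    foreach ($name in $settings.Keys) {
        $value  = $null
        $source = 'default (not set)'
        foreach ($path in $paths) {
            $item = Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue
            if ($null -ne $item) { $value = $item.$name; $source = $path; break }
        }
        [pscustomobject]@{
            Setting       = $name
            AppliesTo     = $settings[$name]
            ProtectedView = if ($value -eq 1) { 'DISABLED' } else { 'Enabled' }
            Source        = $source
        }
    }
}

$report = Get-ProtectedViewState
$report | Format-Table -AutoSize
if ($report.ProtectedView -contains 'DISABLED') {
    Write-Warning 'Protected View is disabled for at least one file source on this profile.'
}
```

Run it in the user's own session, since the settings are stored per user.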
It sounds like Microsoft are already at work on patching the vulnerability (FireEye had brought it to their attention weeks back but was waiting for the patch to be ready before disclosing to the public), and soon antivirus tools will hopefully start to recognise and block the affected files. But there will inevitably be another: the persistent arms race between malicious attackers and software developers means we all need to be vigilant and remain informed.
If you would like advice or assistance protecting your business from IT security issues, we’d love to help. Please get in touch!