New research results published by cybersecurity firm Sophos show that malicious third parties were able to take a publicly available proof-of-concept Office exploit and weaponize it to deliver the Formbook malware. Cybercriminals reportedly managed to create an exploit capable of bypassing the patch for a critical remote code execution vulnerability in Microsoft Office, which was fixed earlier this year.

Attackers bypass critical Microsoft Office patch with exploit

You don’t have to go back in time that long to figure out where it all started. Back in September, Microsoft released a patch to prevent attackers from executing malicious code embedded in a Word document. Through this flaw, a Microsoft Cabinet (CAB) archive containing a malicious executable would be downloaded automatically.

The bypass was achieved by reworking the original exploit and placing the malicious Word document inside a specially crafted RAR archive, which delivered a form of the exploit capable of evading the original patch. This latest exploit was delivered to its victims using spam emails for approximately 36 hours before it disappeared completely. The security researchers at Sophos believe that the exploit’s limited lifespan could mean it was a dry run for future attacks.

It was also discovered that the attackers responsible had created an abnormal RAR archive with a PowerShell script prepended to the malicious Word document stored inside it. To help spread this dangerous RAR archive and its malicious contents, the attackers created and distributed spam emails inviting victims to uncompress the RAR file to access the Word document.

So keep this in mind when dealing with this software, and be careful if something seems even remotely suspicious. Staying safe should be the number one priority for us all when dealing with the internet. Simple actions that might seem harmless at first could trigger serious chains of events and consequences. Were you also a victim of these malware attacks? Share your experience with us in the comments section below.
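As an added example (not from Sophos or this article), here is a small Python check that a mail gateway or sandbox could run to flag RAR attachments whose archive header does not start at byte 0, which is the shape of the abnormal archive described above: data such as a script placed in front of the header. The RAR marker bytes are taken from the public RAR format; the sample inputs are constructed for the test, and the text-ratio threshold is an assumed tuning value.

```python
import string

# Common prefix of the RAR 4.x ("Rar!\x1a\x07\x00") and RAR 5.x
# ("Rar!\x1a\x07\x01\x00") marker blocks, per the public RAR format.
RAR_MAGIC = b"Rar!\x1a\x07"

# Bytes counted as "text-like" when judging whether the prepended region is a script.
_PRINTABLE = set(string.printable.encode())


def find_rar_signature(data: bytes):
    """Return the offset of the first RAR marker block, or None if absent."""
    off = data.find(RAR_MAGIC)
    return None if off == -1 else off


def printable_ratio(buf: bytes) -> float:
    """Fraction of bytes in buf that are printable ASCII (0.0 for empty input)."""
    if not buf:
        return 0.0
    return sum(b in _PRINTABLE for b in buf) / len(buf)


def inspect_rar(data: bytes, text_threshold: float = 0.9) -> dict:
    """Classify a candidate RAR blob.

    A normal archive has its marker block at offset 0. A non-zero offset means
    something was prepended; if that region is mostly printable it is likely a
    script, which is the pattern worth quarantining for analyst review.
    text_threshold is an assumed tuning value, not a documented constant.
    """
    off = find_rar_signature(data)
    if off is None:
        return {"is_rar": False, "prepended_bytes": 0,
                "prefix_is_text": False, "suspicious": False}
    prefix = data[:off]
    return {
        "is_rar": True,
        "prepended_bytes": off,
        "prefix_is_text": printable_ratio(prefix) >= text_threshold,
        "suspicious": off > 0,
    }


# Constructed samples: a minimal RAR5 header, and the same header with text in front.
CLEAN_RAR = b"Rar!\x1a\x07\x01\x00" + b"\x00" * 16
PREFIX_TEXT = b"# constructed placeholder text standing in for a script\r\n"
PREPENDED_RAR = PREFIX_TEXT + CLEAN_RAR

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN_RAR), ("prepended", PREPENDED_RAR)):
        print(name, inspect_rar(blob))
```

Extractors generally locate the marker block by scanning rather than requiring it at offset 0 (self-extracting archives rely on this), so a file that opens fine in an unarchiver can still fail this check and deserves a closer look.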
