Practical attacks using 0-day vulnerabilities in Microsoft Word
There is new information about the recently patched vulnerability in Microsoft Word, which is being used in practical social engineering attacks on Internet users. Researchers from Proofpoint have observed the exploit in a large spam campaign spreading the Dridex Trojan. Messages have been sent to many organizations around the world, but according to statistics, Australia is the country most heavily targeted by this spam. This is also the first campaign in which use of the newly disclosed 0-day vulnerability in the MS Office package has been observed.
Microsoft Word supports the so-called "Protected View" for documents downloaded from the Internet or opened directly from an e-mail. In such cases, the user must click "Enable Editing" before the exploit can run. This is the problem: most users are used to clicking through this prompt, which results in the execution of malicious code, namely the download and installation of one of the Dridex Trojan variants, "Dridex botnet ID 7500".
Microsoft released the update for the vulnerability, CVE-2017-0199, on April 11, 2017. Because social engineering is so effective, it is important for users and organizations to apply the update automatically through Windows Update as soon as possible.