The Non-Technical Version of What's Happening

Huntress is keeping a close eye on the developing threat of a zero-click remote code execution technique used through MSDT (Microsoft Diagnostics Tool) and Microsoft Office utilities, namely Microsoft Word. Over the coming days, we expect exploitation attempts in the wild through email-based delivery. In this article, we will discuss recreating the attack vector, detection efforts and potential mitigation steps.

If you are seeking guidance on how to keep your users safe rather than an in-depth explanation of the vulnerability, the short answer is to let them know that there is a newly discovered vulnerability in MS Word (and likely other MS Office apps) that could install malware, so they should be especially vigilant about opening any attachments. They should also be made aware that this exploit can be triggered with a hover-preview of a downloaded file that does not require any clicks (post download). There are additional suggestions for mitigation actions at the bottom of this post.

The Huntress team obtained the sample first shared by on Twitter and examined the contents of the Microsoft Word document. We have replicated this exploit and are sharing our findings below. Unzipping the file extracts all the components that make up the Office document. Inside the word/_rels/ folder is a file, containing an external reference to hxxps// At the time of writing (0041 EDT ), this website is no longer online.