Notebookcheck Logo

Researchers: Microsoft Office security hole exploited by hackers and government agencies

In 2015, it was cited as the means by which cyber-attackers stole more than £20m from British bank accounts. (Source: BBC)
In 2015, it was cited as the means by which cyber-attackers stole more than £20m from British bank accounts. (Source: BBC)
Microsoft recently released a security patch to resolve a vulnerability in Microsoft Office. Attackers, including malware distributors and cyber-espionage groups, are exploiting the flaw to seize control of users' systems.
Windows Software Security

If you were unfortunate enough to be one of those users who affected by the recently-patched Microsoft Office bug, Microsoft’s recent patch may not be enough to put you at ease as it appears that more attackers were using the exploit than previously thought. The vulnerability was originally thought to be limited to just three known attackers, but research groups have discovered that more organizations were using the exploit as early as January.

The exploit takes the form of a file masquerading as a harmless Word document; in reality, the Rich Text file downloads a malicious HTML application from a server. The application then downloads and runs a script that can be used to install malware without the user’s knowledge.

Among the groups is FinSpy, which used the bug to install a spy program for carrying out espionage. The group has ties to state-sponsored groups. FinSpy is associated with Germany and UK-based “lawful intercept” from Gamma Group.

FireEye was unwilling to discuss who was behind the attacks. According to the report, only one FinSpy user has been observed leveraging this zero-day exploit. “The historic scope of FinSpy, a capability used by several nation-states, suggests other customers had access to it,” the report says.

Microsoft patched the exploit on Tuesday, but not all machines have updated to the latest patch and as a result remain vulnerable.

Source(s)

Related Articles

Microsoft Outlook Windows client version 20231027003.15 (Source: Own)
The new Outlook gives Microsoft access to Gmail, Yahoo, iCloud, and IMAP accounts 11/10/2023
Users of pirated MS Office software in countries like India are reportedly being offered special discounts to subscribe to Office 365 (Image source: Microsoft)
Microsoft is apparently offering 50 percent discounts to certain MS Office pirates, to entice them away from cracked copies of Office 12/13/2021
New Office app for Windows 10 (Source: Microsoft 365 Blog)
Microsoft will soon launch the Office app for Windows 10 12/20/2018
FSLogix website homepage showing the news about joining Microsoft
Microsoft buys FSLogix to improve Office 365 virtualization 11/20/2018
Microsoft Office 2019 PowerPoint (Source: Microsoft 365 Blog)
Cloud-independent Microsoft Office 2019 now available for Windows and macOS 09/26/2018
Apple internal tool up for sale on the black market (Source: ZDNet)
A collection of Apple internal tools allegedly up for sale on the black market 06/04/2018
Under Armour has recommended that MyFitnessPal users change their passwords immediately. (Source: MyFitnessPal)
150 million MyFitnessPal users affected by hack 03/30/2018
Telegram facing troubles in Russia as of March 2018, forced to hand over user encryption keys to the local authorities
Telegram ordered to hand over user encryption keys by Russian authorities 03/20/2018
Windows Defender ATP will now enable deep security insights for older Windows versions. (Source: Microsoft)
Windows Defender ATP coming to Windows 7 and Windows 8.1 02/13/2018
New security measures put in place by the TSA could slow down security lines if passengers aren't prepared for the change. (Source: CNBC/Getty Images)
United States airport security could get even slower 07/27/2017
With its vast user base, a recently discovered security flaw in Skype could potentially put millions of users at risk. (Source: Microsoft)
Security exploit discovered in Skype 06/30/2017
The submitted patent for the disablement system. (Source: MSPowerUser)
Microsoft patents always-on anti-theft technology for laptops 06/25/2017
UK Parliament was forced to restrict access to their email accounts due to sustained cyber-attacks today. (Source: Justin Tallis/AFP/Getty Images)
UK parliament suffering from sustained cyber-attacks 06/24/2017
WannaCry is estimated to have extracted US$126,000 in Bitcoin from victims. (Source: Gillian Hann/Twitter)
British intelligence claims North Korea is behind WannaCry, though doubts persist 06/19/2017
A recently confirmed Android exploit can seize control of your device. (Image source: goh4x.blogspot.com)
"Cloak and Dagger" vulnerability can leave your Android phone open to attack 05/27/2017
The unassuming intrusion method has made this attack one of the most widespread in recent history. (Source: Check Point)
Vulnerability found in subtitle system of VLC, Kodi, and other media players 05/26/2017
Windows Vista's new display driver stack enabled 3D acceleration of the Windows desktop, but for many users this meant taking a hit to performance. (Source: Ars Technica)
Microsoft ends support for Windows Vista 04/11/2017
The existing Surface Book. Its successor reportedly lacks a detachable screen. (Source: Microsoft Store)
Microsoft's new Surface Book reportedly enters production, might be announced soon 03/16/2017
Microsoft doesn't want anyone to forget that yes, they have their own cloud storage service. (Source: The Verge)
Microsoft displays ads on Windows 10 File Explorer 03/10/2017
Windows market share graph by Microsoft, November 2016
Windows 10 leading the market according to Microsoft 01/30/2017
Microsoft cutting more jobs from its smartphone branch
Microsoft cutting more thousands more jobs from its smartphone branch 05/27/2016
static version load dynamic
Loading Comments
Comment on this article
Please share our article, every link counts!
> Expert Reviews and News on Laptops, Smartphones and Tech Innovations > News > News Archive > Newsarchive 2017 04 > Researchers: Microsoft Office security hole exploited by hackers and government agencies
Isaac Brown, 2017-04-12 (Update: 2017-04-13)