[ALERT] Is Your Microsoft Word Vulnerable to Hackers?
If you use Microsoft Word, you need to know that it has previously undisclosed security vulnerabilities. Patches are available now, and it is critical that you apply them. Here is what’s wrong and how to make it right. Read on...
Microsoft Word Patch Alert
The vulnerability in all versions of Word is called CVE-2017-11882. It is a flaw in the way that Word handles objects stored in memory. It can be exploited to allow an attacker to run any code he wants on the user’s system. If the user has administrator privileges, the attacker can mess with any other users on the victim’s network. He can steal files, install malware, and so on.
Astoundingly, Word vulnerability CVE-2017-11882 has existed for seventeen years! It was just discovered and reported in early November, 2017. Security researchers fear that hackers have been busily exploiting the vulnerability while a patch was in the works. They also fear that many users won’t install the patch, and have automatic Windows Update patches disabled. Don’t be one of those people!
So far, only one phishing scam has been identified that seeks to exploit this vulnerability. It is an email that urges a target user to open the Word document attached to it. The document is protected from antimalware detection by a password, which is included in the email for the user to unlock the file.
When unlocked, the document is almost blank. It shows just the command, “Enable editing.” While the victim is distracted with that meaningless busywork, a hidden PowerShell script is already downloading a program called “Cobalt Strike” and using it to execute malicious commands, unseen by the user.
Cobalt Strike is a widely used, open-source toolkit for security researchers. It is used to simulate cyberattacks; in this case, it’s being used to launch a real attack. Merely opening the document triggers the PowerShell script; enabling editing is just a distraction that buys time for the script to do its dirty work.
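The behavior described above, an Office program quietly starting PowerShell, is something a defender can look for in process-creation logs. The following is an added example, not part of the original article: the JSON log format, its field names and the sample events are constructed for illustration, and EQNEDT32.EXE is the file name of the Equation Editor component.

```python
import json

# Parents that should not normally launch a script interpreter:
# Word, the Equation Editor component (EQNEDT32.EXE) and WordPad.
OFFICE_PARENTS = {"winword.exe", "eqnedt32.exe", "wordpad.exe"}
SCRIPT_CHILDREN = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe"}
# PowerShell switches that hide the window or the script text.
HIDING_FLAGS = ("-windowstyle hidden", "-encodedcommand", "-enc ")

# Constructed sample events, one JSON object per line (assumed format).
SAMPLE_LOG = r"""
{"host": "PC-01", "parent": "C:\\Windows\\explorer.exe", "image": "C:\\Office\\WINWORD.EXE", "cmd": "WINWORD.EXE /n invoice.docx"}
{"host": "PC-01", "parent": "C:\\Office\\WINWORD.EXE", "image": "C:\\Windows\\System32\\powershell.exe", "cmd": "powershell.exe -WindowStyle Hidden -File C:\\Temp\\a.ps1"}
{"host": "PC-02", "parent": "C:\\Office\\EQNEDT32.EXE", "image": "C:\\Windows\\System32\\cmd.exe", "cmd": "cmd.exe /c example.bat"}
{"host": "PC-03", "parent": "C:\\Windows\\explorer.exe", "image": "C:\\Windows\\System32\\powershell.exe", "cmd": "powershell.exe"}
truncated-line-without-json
""".strip()

def basename(path):
    # Windows image paths use backslashes; compare case-insensitively.
    return path.rsplit("\\", 1)[-1].lower()

def classify(event):
    """Return (severity, reason) for a suspicious event, else None."""
    parent = basename(event.get("parent", ""))
    child = basename(event.get("image", ""))
    if parent not in OFFICE_PARENTS or child not in SCRIPT_CHILDREN:
        return None
    cmd = event.get("cmd", "").lower() + " "
    hits = [flag.strip() for flag in HIDING_FLAGS if flag in cmd]
    reason = f"{parent} spawned {child}"
    if hits:
        return "high", reason + " using " + ", ".join(hits)
    return "medium", reason

def scan(log_text):
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed lines instead of aborting the scan
        verdict = classify(event) if isinstance(event, dict) else None
        if verdict:
            findings.append({"line": lineno, "host": event.get("host"),
                             "severity": verdict[0], "reason": verdict[1]})
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Interactive PowerShell sessions started from the desktop are ignored; only script interpreters whose parent is an Office program or WordPad are reported.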
Microsoft became aware of the CVE-2017-11882 vulnerability during the second week of November. But it waited to release a patch, and bundled it with a major Windows 10 update that started rolling out to users weeks later.
All Versions of Office are Vulnerable
Security researchers at Embedi have confirmed that all Microsoft Office versions (including Microsoft Office 365) running on any version of Windows (32-bit or 64-bit) are vulnerable. If you use Word, you need this patch no matter what version of Windows you are running. On one of my Windows 7 machines, I found the patch was available on November 28. Running Windows Update installed it. Had I waited until 3:00 a.m. the next morning, it should have been installed automatically.
“Should” isn’t good enough; I urge you to run Windows Update, check for updates and install any patches available for Microsoft Office. If nothing shows up, and you are certain that you have Office installed, see this page for links to manual patch downloads.
A “workaround” offered by Microsoft involves disabling the Equation Editor utility found in Office and WordPad. This requires registry-editing skills. If you want to give it a go, instructions can be found here.
Note that this workaround seems to imply that WordPad can be exploited, too. WordPad is included with every copy of Windows 7 and above. So you may not be safe just because you don’t have MS Office installed. On one of my systems that has never had Office installed, no patches were available in Windows Update (as expected) and the registry keys mentioned in the workaround did not exist. So it was safe to assume that there was no vulnerability.
Microsoft acknowledged the vulnerability and announced its intent to provide a patch concurrently with the launch of its much-ballyhooed “Fall Creators Update” to Windows 10. Meanwhile, Microsoft has this feeble advice for users:
"Meanwhile, we encourage customers to practice safe computing habits online," a Microsoft spokesperson said in a statement, "including exercising caution before opening unknown files and not downloading content from untrusted sources to avoid this type of issue."
It is unacceptable to delay disclosure of a vulnerability or the release of its patch. It’s incredible that this particular vulnerability eluded detection for seventeen years. Users of any Microsoft products should be highly skeptical of any unusual behaviors by those products, and of course, you should always be on the lookout for suspicious email attachments.
This article was posted by Bob Rankin on 29 Nov 2017
Copyright © 2005 - Bob Rankin - All Rights Reserved
Article information: AskBobRankin -- [ALERT] Is Your Microsoft Word Vulnerable to Hackers? (Posted: 29 Nov 2017)