Microsoft released a patch Tuesday that fixed a zero-day vulnerability in Microsoft Word that left the popular word processor susceptible to attacks.
According to the patch, released as part of Microsoft’s typical Tuesday software updates, the computing giant resolved an issue that “could allow remote code execution if a user opens a specially crafted Office file.”
The vulnerability was first spotted late last week by security researchers at McAfee, who found the zero-day—a term for an unknown security vulnerability that has yet to be fixed—was being exploited by a spam-driven attack and used to spread malware.
Researchers who spotted the security flaw said attackers were able to exploit the vulnerability by sending a massive spam campaign using emails designed to look like they came from Microsoft. Attached to the emails was a Microsoft Word document containing malicious attachments.
The spam messages often came from spoofed domains and contained terms like “copier”, “documents”, “noreply”, “no-reply” or “scanner”. The subject line in the attacks contained the term “Scan Data” and included attachments named “Scan_123456.doc” or “Scan_123456.pdf” with randomly generated numbers.
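The indicators in the paragraph above can be turned into a mail-filter check. The following is an added example, not code from McAfee, Proofpoint or Microsoft; it assumes the listed terms appear in the From header and that the number in the attachment name is any run of digits, and `build_sample` is a hypothetical helper that produces constructed test messages.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Indicators quoted from the campaign description above.
SENDER_TERMS = ("copier", "documents", "noreply", "no-reply", "scanner")
SUBJECT_TERM = "scan data"
# Assumption: "randomly generated numbers" means any run of digits.
ATTACHMENT_RE = re.compile(r"^Scan_\d+\.(doc|pdf)$", re.IGNORECASE)


def campaign_indicators(raw_message):
    """Return which campaign indicators a raw RFC 5322 message matches."""
    msg = message_from_string(raw_message)
    hits = []
    # Assumption: the listed terms show up in the From display name or address.
    sender = " ".join(parseaddr(msg.get("From", ""))).lower()
    if any(term in sender for term in SENDER_TERMS):
        hits.append("sender_term")
    if SUBJECT_TERM in msg.get("Subject", "").lower():
        hits.append("subject")
    # walk() visits every MIME part; get_filename() is None for non-attachments.
    names = [part.get_filename() for part in msg.walk()]
    if any(n and ATTACHMENT_RE.match(n) for n in names):
        hits.append("attachment_name")
    return hits


def should_quarantine(raw_message):
    """Require the attachment name plus one header indicator to limit false positives."""
    hits = campaign_indicators(raw_message)
    return "attachment_name" in hits and len(hits) >= 2


def build_sample(sender, subject, filename):
    """Constructed test message with one attachment (not real campaign mail)."""
    return (
        f"From: {sender}\nTo: user@example.test\nSubject: {subject}\n"
        'MIME-Version: 1.0\nContent-Type: multipart/mixed; boundary="b1"\n\n'
        "--b1\nContent-Type: text/plain\n\nSee attached.\n"
        "--b1\nContent-Type: application/octet-stream\n"
        f'Content-Disposition: attachment; filename="{filename}"\n\n'
        "placeholder\n--b1--\n"
    )


if __name__ == "__main__":
    for args in (("copier@example.test", "Scan Data", "Scan_482913.doc"),
                 ("noreply@example.test", "Your invoice", "invoice.pdf")):
        print(args, campaign_indicators(build_sample(*args)))
```

A "noreply" sender on its own is common in legitimate mail, which is why the check only quarantines when the attachment name pattern is also present.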
The attack was capable of bypassing many of the mitigation systems built into Microsoft Office and Windows designed to stop malicious files from executing. In a test of the attack, security firm Proofpoint found the exploit only required the user to attempt to open the document. Once Microsoft Office launched in an attempt to read the file, the system would be infected.
When successful, the attack would lead to the installation of Dridex malware, a particularly notorious strain of virus known for targeting and stealing a user’s banking credentials.
The zero-day vulnerability affects multiple versions of Microsoft Office, including the most recent edition of Office 2016 running on Windows 10.
How To Protect Yourself From The Attack
To mitigate the security flaw, users should download the most recent patch from Microsoft. The company notes users “must have the release version of Service Pack 2 for Office 2010 installed on the computer” to apply the security update.
Security experts also recommend blocking RTF documents in Microsoft Word. To do so, click the File tab, then click Options. Click on the Trust Center, and open the Trust Center Settings. In the Trust Center, click File Block Settings. Check the box next to “RTF” to ensure that type of file cannot be opened by Microsoft Office.