
A simple Word file can expose information about you without you noticing

July 1, 2017
Vulnerable Word file.

Is it true that a simple Word file can expose information? Well, one more vulnerability has been found that can do it without you noticing. Read on!

 

LET'S BEGIN:

FireEye recently published on its official site that it had found a vulnerability in Microsoft Word. This flaw allows malicious software written in Visual Basic to be executed.

Specifically, the report concerns the RTF format. When this malware is executed, it can take control of the victim's computer.

How does such an attack work?

To avoid becoming part of the statistics, we need to know how this malware operates. The following steps explain how it works.

  • The attack starts with an email containing a Microsoft Word attachment with the RTF extension: a wolf in sheep's clothing.
  • The email is sent to the victim, who, on opening the file, starts the winword.exe process that runs the word processor. At the same moment, an HTTP request is sent to a remote server to retrieve the malicious HTA file, which is disguised as a file with an RTF extension.
  • The HTA application downloads and executes the malicious script. The script's first task is to close the winword.exe process, to quickly hide the process generated by the OLE2link.
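
A static triage check for the delivery step described above, as an added example that is not from the original post or from FireEye: it flags RTF attachments whose embedded object data names an OLE2Link object and carries an HTTP URL. The function names, the `example.invalid` URL and the sample document are constructed for illustration.

```python
import re

# \objdata holds the embedded object as hex text inside the RTF
OBJDATA = re.compile(rb"\\objdata\s*([0-9a-fA-F\s]+)")
URL = re.compile(rb"https?://[\x21-\x7e]+")


def triage(data: bytes) -> dict:
    """Static indicators for one attachment; never opens or renders the file."""
    report = {"rtf": data.lstrip()[:5].lower() == b"{\\rtf",
              "auto_update": False, "ole2link": False,
              "urls": [], "suspicious": False}
    if not report["rtf"]:
        return report
    # Real RTF control words: linked object that refreshes itself on open
    report["auto_update"] = b"\\objautlink" in data or b"\\objupdate" in data
    for match in OBJDATA.finditer(data):
        hexstr = re.sub(rb"\s+", b"", match.group(1))
        blob = bytes.fromhex(hexstr[: len(hexstr) & ~1].decode("ascii"))
        # Dropping NULs lets one pattern match ASCII and UTF-16LE strings
        flat = blob.replace(b"\x00", b"")
        report["ole2link"] |= b"ole2link" in flat.lower()
        report["urls"] += [u.decode("ascii") for u in URL.findall(flat)]
    report["suspicious"] = report["ole2link"] and bool(report["urls"])
    return report


def build_sample() -> bytes:
    """Constructed, inert input: marker bytes only, not a valid OLE object."""
    payload = (b"OLE2Link\x00"
               + "http://example.invalid/template.rtf".encode("utf-16-le")
               + b"\x00\x00")
    return (b"{\\rtf1{\\object\\objautlink\\objupdate{\\*\\objdata "
            + payload.hex().encode("ascii") + b"}}}")


if __name__ == "__main__":
    print(triage(build_sample()))
    print(triage(b"{\\rtf1 Plain text, no embedded objects}"))
```

Object data that has control words or groups interleaved with the hex will slip past this simple pattern; those cases need a full RTF parser.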

What can be done to prevent a similar attack?

This hole was detected in all versions of Microsoft Word, and it can also be exploited on any of the company's operating systems, even Windows 10 itself. FireEye has notified Microsoft so that it can release a patch and make using your word processor more secure.

Prevention is the best recommendation. If you have an email with an attachment in your inbox, and that email comes from someone who is not in your contact list, the safest thing to do is delete it.

These types of vulnerabilities will always be present. It is like cutting off a dragon's head only for two more to grow in its place: the people who develop this type of malicious software will always look for a new way to carry out attacks.

Source: FireEye
