The Microsoft Word Bug That Bypasses Anti-Malware Defences

  • 465
  •  
  •  
  • 1
  •  
  •  
  •  
    466
    Shares

Another Microsoft Office vulnerability has surfaced online that threatens most MS Office users. This time, the flaw appears in MS Word that allows potential attackers to bypass all security measures upon exploit. However, the vendors refused to patch this Microsoft Word bug despite knowing about it for long.

Microsoft Word Bug Under Active Exploits

Researchers from Mimecast Research Labs have uncovered active exploits of a Microsoft Word bug. They found that the vulnerability allows attackers to evade all security measures such as antimalware on the target system.

The flaw basically exists in the way of handling Integer Overflow errors by Microsoft Word in OLE file format. Together with another memory corruption vulnerability (CVE-2017-11882) patched earlier, the researchers found hackers actively exploiting the vulnerability to take over systems. The group of hackers allegedly belongs to Serbia. They use specially crafted Microsoft Word documents to exploit the OLE vulnerability, thereby bypassing all security measures. As stated by Mimecast,

“The group was able to exploit this bug to circumvent many security solutions designed to protect data from infestation, including leading sandbox and anti-malware technologies.”

In the case analyzed by Mimecast, hackers allegedly dropped JACKSBOT malware to the target systems. This malware allows the attackers to gain complete access to the victim machine. About the malware, the researchers state,

“Malware code reveals that it is capable of visiting URLs, creating files and/or folders, running shell commands, and executing and ending programs. It can also steal information by logging keystrokes and mouse events.”

The researchers have elaborated about the technicalities of the exploit in their report.

No Patch From Microsoft

Upon discovering the exploit, Mimecast reached Microsoft, informing them of the flaw. While Microsoft acknowledged their report, they allegedly refused to release a fix for now.

“Microsoft acknowledged it was unintended behavior, but declined to release a security patch at this time, as the issue on its own does not result in memory corruption or code execution. The issue may be fixed at a later date.”

Mimecast discovered and reported the vulnerability to Microsoft in May 2018. However, the flaw still persists allowing the hackers active exploitation.

The following two tabs change content below.
Avatar

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]
Avatar

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

Do NOT follow this link or you will be banned from the site!