The Microsoft Word Bug That Bypasses Anti-Malware Defences

Another Microsoft Office vulnerability has surfaced online that threatens most MS Office users. This time, the flaw appears in MS Word that allows potential attackers to bypass all security measures upon exploit. However, the vendors refused to patch this Microsoft Word bug despite knowing about it for long.

Microsoft Word Bug Under Active Exploits

Researchers from Mimecast Research Labs have uncovered active exploits of a Microsoft Word bug. They found that the vulnerability allows attackers to evade all security measures such as antimalware on the target system.

The flaw basically exists in the way of handling Integer Overflow errors by Microsoft Word in OLE file format. Together with another memory corruption vulnerability (CVE-2017-11882) patched earlier, the researchers found hackers actively exploiting the vulnerability to take over systems. The group of hackers allegedly belongs to Serbia. They use specially crafted Microsoft Word documents to exploit the OLE vulnerability, thereby bypassing all security measures. As stated by Mimecast,

“The group was able to exploit this bug to circumvent many security solutions designed to protect data from infestation, including leading sandbox and anti-malware technologies.”

In the case analyzed by Mimecast, hackers allegedly dropped JACKSBOT malware to the target systems. This malware allows the attackers to gain complete access to the victim machine. About the malware, the researchers state,

“Malware code reveals that it is capable of visiting URLs, creating files and/or folders, running shell commands, and executing and ending programs. It can also steal information by logging keystrokes and mouse events.”

The researchers have elaborated about the technicalities of the exploit in their report.

No Patch From Microsoft

Upon discovering the exploit, Mimecast reached Microsoft, informing them of the flaw. While Microsoft acknowledged their report, they allegedly refused to release a fix for now.

“Microsoft acknowledged it was unintended behavior, but declined to release a security patch at this time, as the issue on its own does not result in memory corruption or code execution. The issue may be fixed at a later date.”

Mimecast discovered and reported the vulnerability to Microsoft in May 2018. However, the flaw still persists allowing the hackers active exploitation.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients