By Zack Whittaker
The bug affects all supported versions of Microsoft Word, but will be fixed this week. Attackers are exploiting a previously undisclosed vulnerability in Microsoft Word, which security researchers say can be used to quietly install different kinds of malware — even on fully-patched computers. Unlike most document-related vulnerabilities, this zero-day bug that has yet to be patched doesn’t rely on macros — in which Office typically warns users of risks when opening macro-enabled files. Instead, the vulnerability is triggered when a victim opens a trick Word document, which downloads a malicious HTML application from a server, disguised to look like a Rich Text document file as a decoy. The HTML application meanwhile downloads and runs a malicious script that can be used to stealthily install malware.
Share on Facebook