Millions of users have been targeted by sending a malware-riddled Microsoft Word document attachment to email recipients.
Since the vulnerability in Microsoft Word was discovered, cyber criminals have exploited it by tricking users into opening a particular Office file. When the users opens it, this triggers a download warning, and then another document is downloaded from a server that infects the computer. The document is an HTML file (designed to look completely harmless) that contains an embedded program script that runs without notifying the user.
This vulnerability can affect all versions of Microsoft Office on every Windows operating system including the much-heralded Windows 10 – which is deemed the most secure Windows operating system ever.
The most common piece of malware that has been deployed is Dridex, which specializes in stealing bank credentials.
The vulnerability was first spotted by McAfee and is the latest of a long line of bugs that exist or have existed within Microsoft Word.
To fix the security vulnerability please insure you have installed the available Windows Updates as the patch was included in this Tuesday’s rollout.
Also, as usual, to reduce the likelihood of being infected by a virus please ensure the following:
- You have some form of Anti-Virus software installed
- If you receive an email that includes a link or attachment that looks suspicious or you were not expecting, then do not open it
For more information on the update, please refer to: https://support.microsoft.com/en-us/help/4015217