Not even an office application like Word gets rid of the extremely serious security holes that can be attacked to take control of any computer. In this case, security researchers are alerting to the existence of a zero-day vulnerability that affects almost all versions of Word in almost all operating systems in which it is available (on completely updated computers too).
All details of the type of attack that can be performed using Microsoft Word were recently published. It all starts with an email that has an attached document of the popular office suite. This is what FireEye security experts have explained in their blog. Once they have managed to download it and open it, it activates the malicious code of that file.
The malicious code connects to the attacker’s server from where he downloads an HTML application designed to look like a rich text document, but actually starts downloading different samples of malware to the attacked computer. The main problem is that almost all versions of Office are affected, even in Windows 10.
In addition, it is able to bypass all safety and mitigation measures. It is an attack that does not require the use of macros, the functionality of Word had been exploited till date for the darker purposes. In this attack, everything looks as if a normal document, without allowing users to be aware of anything.
Those responsible for the finding say that they are in constant communication with Microsoft and that they had decided not to publish the details until the corresponding security patch was released. However, the fact that McAfee published all the details, precipitated that they also gave them in his blog.
At the moment, it is unknown if this Tuesday we will have the patch to close the vulnerability, so we will have to wait a few hours to get out of doubt. Until then, users should exercise extreme caution with the Word document attachments they receive in their e-mail trays.