FireEye confirmed that its researchers had shared details of the vulnerability with Microsoft and had been working with the tech giant for several weeks in request for public disclosure along with the release of a patch by the company.
Microsoft also released additional updates for vulnerabilities in its products overnight, as part of its monthly security updates.
In the meantime, users should be wary of documents received from untrusted sources and should enable the Office Protected View mode because it can block this attack.
Kante admits to choosing Chelsea over Arsenal
Earlier this year, Arsenal boss Arsene Wenger confirmed that he is a long-time fan of Kante and that he tried to sign him on multiple occasions.
When contacted by eWEEK's Sean Michael Kerner, a Microsoft spokesperson said a patch was set to arrive on April 11. To the user, the HTA file appears as a Microsoft Rich text document with a.doc extension.
Two cybersecurity firms have uncovered vulnerabilities in Microsoft Office files that have allowed hackers to install malware through Word documents.
As per our previous coverage, it was known that the vulnerability was being actively exploited by at least three separate attackers. In a blog post, the anti-virus company also said that the unsafe malware attack is possible due to Microsoft's OLE (Object, Linking, and Embedding) technology, TNW has reported.
The emails use spoofed email domains and attachments that pretend they are scanned documents to lure users into opening them.
The attack bypasses most exploit mitigation measures, including those contained in Windows 10, Microsoft's most secure operating system. Proofpoint also disclosed that the malware was called Dridex, a unsafe banking malware that exploits Microsoft Office and once the computer is infected, it steals banking information of the user. Once the user has opened the files, their PC will automatically download contained HTM application that enables criminals to have a full access on the user's machine.
"According to our tests, this active attack can not bypass the Office Protected View, so we suggest everyone ensure that Office Protected View is enabled".
- California Strikes Deal with Truckers to Hike Fuel Tax
- Man who killed wife at California school called her 'angel'
- Leicester City skipper Wes Morgan out of Everton trip with back injury
- Efe wins Big Brother Naija reality show
- Rose, Garcia Tied for Lead at Masters in Prelude to Finale
- AIMPLB vice-president's statement on triple talaq his 'personal view': Muslim cleric
- Yankees Michael Pineda turns in sparkler in home-opener win
- Taiwan bans sale, consumption of dog and cat meat
- BlackBerry Limited (NASDAQ:BBRY) Experiencing Unusual Activity Mid-day
- Ruff not returning as Stars coach after missing playoffs