Microsoft Word 0-day used to push dangerous Dridex malware on millions


Enlarge / A sample e-mail from Dridex campaign exploiting Microsoft Word zero-day. (credit: Proofpoint) Booby-trapped documents exploiting a critical zero-day vulnerability in Microsoft Word have been sent to millions of people around the world in a blitz aimed at installing Dridex, currently one of the most dangerous bank fraud threats on the Internet. As Ars reported on Saturday, the vulnerability is notable because it bypasses exploit mitigations built into Windows, doesn’t require targets to enable macros, and works even against Windows 10, which is widely considered Microsoft’s most secure operating system ever. The flaw is known to affect most or all Windows versions of Word, but so far no one has ruled out that exploits might also be possible against Mac versions. Researchers from security firms McAfee and FireEye warned that the malicious Word documents are being attached to e-mails but didn’t reveal the scope or ultimate objective of the campaign. In a blog post published Monday night , researchers from Proofpoint filled in some of the missing details, saying the exploit documents were sent to millions of recipients across numerous organizations that were primarily located in Australia. Proofpoint researchers wrote: Read 2 remaining paragraphs | Comments

Continued here:
Microsoft Word 0-day used to push dangerous Dridex malware on millions


Please enter your comment!
Please enter your name here


This site uses Akismet to reduce spam. Learn how your comment data is processed.