Security researchers have identified a new zero-day vulnerability in Microsoft Corp.’s (MSFT) Word text-editing application that enables hackers to install malware on unsuspecting victims computers. Zero-day refers to a security vulnerable that has gone unfixed.
According to researchers at McAfee, the cybersecurity company, the security hole happens when a victim opens a fake Word document which in turn downloads a malicious HTML application that looks like a Rich Text document. The HTML application runs a script that can be used to install the malware. McAfee said the exploit works on all Microsoft Office versions, including Office 2016 running on Windows 10. The security firm said the earliest attacks on Word were spotted at the end of January.
Warning: Do Not Open
“We notified the Microsoft Security Response Center as soon as we found the suspicious samples, and we will continue to work with them to protect Office users,” McAfee wrote. It urged Microsoft Officer users to not open any Office files from untrustworthy senders and to ensure the Office Protected View is enabled because the attack can’t get around that. Microsoft said the security hole will be fixed when it rolls out patches on Tuesday. (See also: Microsoft Stock Nets 52-Week High on Earnings Beat.)
This isn’t the first time this year Microsoft has been having problems with its products online. Late last month, Microsoft faced an outage that brought down some of Microsoft Outlook, Skype, OneDrive and Xbox Live for a short period. The outage was the second one in March for the software giant that is increasingly moving its offerings to the cloud.
DownDetector, the website that follows internet outages, reported an increase in troubles with Outlook and Xbox Live with Microsoft acknowledging the outage via its Xbox Live Status saying: “Our engineers and developers are actively continuing to work to resolve the issue causing some members to have problems finding previously-purchased content or purchasing new content. Stay tuned, and thanks for your patience.” Earlier in March, an outage prevented users from accessing a host of applications and services including Xbox, Skype and Outlook. Many Microsoft customers in Western Europe and the Eastern U.S. were greeted with a message that their account wasn’t active when they tried to log on.