Microsoft Office Word 0-day remote code execution vulnerability
On April 7, two researchers from McAfee and FireEye broke a 0-day vulnerability in Microsoft Office Word. By sending a message with an OLE2link object attachment, when the user opens the attachment, the code executes and connects to an attacker-controlled remote server, thereby downloading a malicious HTML application file (HTA) that will disguise Become a Microsoft RTF document.
When the HTA file is automatically executed, the attacker gets permission to execute arbitrary code, can download more malware to control the infected user’s system, and turn off the original Word document. It is understood that the 0-day vulnerability as early as January this year has been found in the attack and use, the target should be some specific users. Microsoft should fix the vulnerability on Tuesday’s routine security update.
- All current Microsoft Office versions
How to precausion
- Do not open any Office Word documents from an unknown source.
- The user can prevent the vulnerability from being exploited by opening the Protected View feature
- Microsoft should be released in the relevant repair patch on Tuesday, please download the update in time to protect the vulnerability.