MS Office zero-day exploited in attacks – no enabling of macros required! – Help Net Security
A new zero-day flaw affecting all versions of Microsoft Office is being exploited in attacks in the wild, and no user is safe – not even those who use a fully patched Windows 10 machine.Even worse: targets do not have to anything except run a malicious file in order to get compromised, as the exploit doesn’t require them to enable macros or do anything else.The vulnerabilityThe existence of the flaw was revealed by McAfee researchers on Friday, and confirmed by FireEye researchers on Saturday. The latter shared details about it with Microsoft weeks ago, and were waiting to publicly reveal the flaw once Microsoft pushed out a patch. The patch is still to be released.“The root cause of the zero-day vulnerability is related to the Windows Object Linking and Embedding (OLE), an important feature of Office,” McAfee researchers noted.
This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.