Microsoft Word Critical Zero-Day Vulnerability Fixed With Tuesday Patch

Microsoft has recently published a fix for its Office Word app to address a zero-day vulnerability. The issue came to light when McAfee raised a flag about it. Microsoft also announced that the fix works on every version of Microsoft Office, including the latest version, Office 2016, which is designed for the Windows 10 platform. The developers also advised every user to download the fix to avoid any further issues from the zero-day vulnerability.

The update, i.e. the latest fix, was published as part of Microsoft's scheduled Tuesday patch release. This quick action by the developers also showed that the vulnerability was critical and that a timely response was needed. The developers also published a proof report following the successful debugging of the issue.

In an advisory note, Microsoft said that the zero-day vulnerability was essentially a remote code execution flaw. It involved the way WordPad and Microsoft Office encrypt special files. Microsoft added that by using this bug an attacker could take remote control of a system. The attacker could then install programs or delete data from the system without the real user being informed. Apart from these, an attacker could also create an account on the system with the user's full rights. In the last part of the note, Microsoft added that the bug was fixed by enabling a Windows API function so that WordPad and Office can handle this kind of issue.

This critical bug was first highlighted by McAfee in its research report, which says that the issue was first noticed in late January. McAfee also said that its expert team was advised to collect samples after the issue came to its attention. After several tests, it was clear that attackers were exploiting this bug through Word files with the .doc extension. In doing so they targeted users who opened an encrypted file with an affected version of WordPad and Microsoft Office.

They also said that in the case of an email attack, a user account could also be compromised. This can easily be done by sending an encrypted file via email and then forcing a user to open it with WordPad or Microsoft Word. Hence, McAfee and Microsoft advised every user to take care when downloading and opening a file from an untrusted source.

 
