Items tagged with microsoft word

A freelance security consultant and Handler at SANS Internet Storm Center has discovered a rather interesting exploit in Microsoft Word, one that allows an attacker to abuse the productivity program's ability to auto-update links. This is a feature that is enabled by default—when you add links to external sources like URLs, World with automatically update them without any prompts. Therein lies the issue. "The infection vector was classic: The document (‘N_Order#xxxxx.docx with 5 random numbers) was received as an attachment and has a VT score of 12/59 this morning. The file has an embedded link to another document which is a malicious RTF file that tries to exploit the CVE 2017-0199," security... Read more...