1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • This malicious Word doc doesn't even have to be opened to infect

    From TechnologyDaily@1337:1/100 to All on Tue Mar 7 13:15:03 2023
    This malicious Word doc doesn't even have to be opened to infect your PC

    Date:
    Tue, 07 Mar 2023 13:00:33 +0000

    Description:
    Previewing the file is enough to have the threat actor run code remotely.

    FULL STORY ======================================================================

    Last week, cybersecurity researcher Joshua Drake published a proof-of-concept for a vulnerability in Microsoft Word, detailing a way for threat actors to deliver malware without users ever needing to open a file.

    The vulnerability is tracked as CVE-2023-21716. Its been given a 9.8 severity score and deemed critical, as it allows for remote code execution.

    BleepingComputer reported that Microsoft fixed it in the February Patch Tuesday cumulative update. No evidence of abuse

    Those that do not apply the patch risk having their endpoints compromised merely by loading a malicious .RTF document in the preview pane.

    As per Drake's report, the RTF parser in Microsoft Word carries a heap corruption flaw that can be activated when dealing with a font table containing an excessive number of fonts. Whats more, the vulnerability is relatively easy to write, as its entire code can fit in a single tweet.

    On the other hand, Microsoft reassured users that threat actors actually abusing the flaw is less likely, adding that there is no evidence this has happened in the wild. Truth be told, we cant say for certain if Drakes PoC
    can be weaponized or not, as they only showed the exploitation in theory.
    Read more

    This major new security flaw affects all versions of Windows - here's what
    you need to know


    These popular VPN routers are being hacked to spread malware


    These are the best endpoint protection tools

    For those not interested in risking anything, the best way to stay protected is to apply Microsofts cumulative update published in the February Patch Tuesday. Those that cant apply the fix for whatever reason should either read emails in plain text format, or enable the Microsoft Office File Block
    policy, which bans Office apps from opening RTF documents originating from untrusted sources.

    The latter requires a bit more skill, though, as the Windows Registry needs
    to be tweaked. Furthermore, if you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system, Microsoft cautions.

    Also, if you dont set up an exempt directory, you might not be able to open any RTF document anymore. Check out the best firewalls

    Via: BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/this-malicious-word-doc-doesnt-even-have-to-be- opened-to-infect-your-pc


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)