Exploit Wednesday follows Patch Tuesday Word update

Action adds to malicious reaction

The trend for exploiting vulnerabilities around the same time as Microsoft's monthly Patch Tuesday update continues.

Hackers have crafted a new Word exploit based on a memory corruption vulnerability addressed by Microsoft on Tuesday. The flaw was already exploited prior to the release of the fix, according to Microsoft.

Until this week the critical flaw had only been exploited in targeted attacks, but it's now getting wider play.

Symantec reports that the vulnerability is now being exploited in more widespread attacks. Malformed Word documents doing the rounds contain shellcode and three pieces of malware. The malware package is unusual in that it was created using the Word for Macintosh format instead of the standard Windows (OLE) format.

Despite the formatting, the malicious Word documents are actually targeted at infecting Windows PCs, according to a preliminary analysis by Symantec.

Detection against the malware - dubbed the Mdropper-Z Trojan - has been added to Symantec's security software. It also detected the separate malware files contained in the payload of the maliciously constructed Word files as Trojan-Dropper, Backdoor-Trojan, and Hacktool-Rootkit.

The use of older file formats in the exploit could backfire on hackers. "The good news is that the default configuration in Microsoft Office 2007 and Office 2003, Service Pack 3 will not allow you to open some older Office file formats, including Office for Macintosh documents," Symantec notes. ®
