The Register® — Biting the hand that feeds IT


Exploit Wednesday follows Patch Tuesday Word update

Action adds to malicious reaction


The trend for exploiting vulnerabilities around the same time as Microsoft's monthly Patch Tuesday update continues.

Hackers have crafted a new Word exploit based on a memory corruption vulnerability addressed by Microsoft on Tuesday. The flaw was already exploited prior to the release of the fix, according to Microsoft.

Until this week the critical flaw had only been exploited in targeted attacks, but it's now getting wider play.

Symantec reports that the vulnerability is now being exploited in more widespread attacks. Malformed Word documents doing the rounds contain shellcode and three pieces of malware. The malware package is unusual in that it was created using the Word for Macintosh format instead of the standard Windows (OLE) format.

Despite the formatting, the malicious Word documents are actually targeted at infecting Windows PCs, according to a preliminary analysis by Symantec.

Detection for the malware - dubbed the Mdropper-Z Trojan - has been added to Symantec's security software. The software also detects the separate malware files contained in the payload of the maliciously constructed Word files as Trojan-Dropper, Backdoor-Trojan, and Hacktool-Rootkit.

The use of older file formats in the exploit could backfire on hackers. "The good news is that the default configuration in Microsoft Office 2007 and Office 2003, Service Pack 3 will not allow you to open some older Office file formats, including Office for Macintosh documents," Symantec notes. ®


Latest Comments

I can't believe it

"the default configuration in Microsoft Office 2007 and Office 2003, Service Pack 3 will not allow you to open some older Office file formats, including Office for Macintosh documents"

So, Microsoft trashing its own compatibility is now a feature ? And a security one at that ?

And I note that this is not the first time it happens. Office 2000 was already a dog with Office 98 formats. Does anyone think that businesses may be avoiding Office 2007 on purpose ?

On the other hand, one must look at the achievement : Microsoft Office is now a cross-platform virus writing machine. Write it on a Mac and crash a Windows box !

Is that progress ? Or is it ?


0day turnover

The trend of exploiting an issue within days of the fix coming out is not a Microsoft thing. Exploit developers regularly keep the 0day exploits within their 'crew' until the day a fix is released, then they release the exploit for 'props'.

The thing to remember is that exploits are rarely ever released while they're still big enough to cause serious damage. They're only ever released when they can be used in a limited capacity against those who don't stay up to date.


.... including Office for Macintosh documents

Typical, spend $349 on Mac Office, and now they break its compatibility with other office products.

Time to get rid of M$ and put in OpenOffice around the entire office to ensure compatibility I think.

/ Mat

