Hackers have found yet another way to put viruses on users' computers. Attackers are exploiting a previously undisclosed bug in Microsoft Word. According to security researchers, this failure can be used to silently install different types of malwares, even on fully protected computers.
How does this happen?
Unlike most document-related failures, this bugs that has not yet been fixed does not depend on macros in which the Office usually warns users of scratches when opening macro-enabled files.
Instead, the vulnerability is thrown when a victim opens a Word Document, which downloads an application HTML malicious way of a server, disguised to resemble a document file Rich Text. However, the HTML application downloads and executes a script which can be used to install stealthily malwares.
According to McAfee researchers, who first reported the finding on Friday, said that the HTML application is executable and that hackers can run the code on the affected computer by avoiding memory-based mitigations designed to avoid these types of attacks.
The flaw can be exploited in all versions of Office, including the latest Office 2016. A Microsoft spokesperson has confirmed that the company will issue a fix for the bugs on Tuesday as part of its monthly release of security fixes and patches.
