{"id":13257,"date":"2017-09-20T08:41:40","date_gmt":"2017-09-20T08:41:40","guid":{"rendered":"https:\/\/digital-sentinel.com\/?p=13257"},"modified":"2020-02-01T11:39:52","modified_gmt":"2020-02-01T11:39:52","slug":"microsoft-office-vulnerabilities-mean-no-doc-safe","status":"publish","type":"post","link":"https:\/\/digital-sentinel.com\/hack\/microsoft-office-vulnerabilities-mean-no-doc-safe\/","title":{"rendered":"Microsoft Office vulnerabilities mean no .doc is safe"},"content":{"rendered":"

It’s an unsafe Office environment.<\/p>\n

Two cybersecurity firms have uncovered vulnerabilities in Microsoft Office files that have allowed hackers to install malware through Word documents. The exploit — referred to as “zero day,” because it hasn’t yet been patched — works on all Microsoft Office versions, with attacks stretching back to late January,\u00a0according to McAfee<\/a>.<\/p>\n

The suite of programs, which incorporates Word, Excel and PowerPoint, is used by 1.2 billion people,\u00a0according to Microsoft<\/a>.<\/p>\n

Microsoft plans to issue an update Tuesday to address the vulnerability. Tuesday also is the day that the software giant\u00a0launches its momentous Windows 10 Creators Update<\/a>.<\/p>\n

“Meanwhile, we encourage customers to practice safe computing habits online,” a Microsoft spokesperson said in a statement, “including exercising caution before opening unknown files and not downloading content from untrusted sources to avoid this type of issue.”<\/p>\n

\n
\"tax-4.jpg\"Enlarge Image<\/a><\/div>
An email pretending to have tax information with a virus hidden in a Microsoft Word document.<\/p>\n

IBM Security Report<\/span><\/figcaption><\/figure>\n

The malware can be disguised as important files or documents sent over email, meaning a student’s homework or an office presentation could be harboring the next attack. You might even have to worry about your finances: Researchers have found that during tax season\u00a0hackers send spam emails pretending to be from a “tax officer”<\/a>\u00a0with a fake tax refund form attached as a Word document, with malware embedded.<\/p>\n

The attack cannot be activated if people open the documents in Office’s protected view, McAfee said.<\/p>\n

The exploit works like this: The attacker gives an RTF file a .doc extension name. Once the victim opens the disguised text document, it connects to the attacker’s servers and automatically downloads an HTML application file and launches it, giving the hacker full control of your device.<\/p>\n

If the exploit is successful, it closes the downloaded Word document and creates a fake copy of it, while quietly installing malware in the background.<\/p>\n

The vulnerability comes from Windows Object Linking and Embedding feature,\u00a0according to FireEye<\/a>. The cybersecurity firm said it’s informed Microsoft and is coordinating with the company to address the vulnerability.<\/p>\n","protected":false},"excerpt":{"rendered":"

It’s an unsafe Office environment. Two cybersecurity firms have uncovered vulnerabilities in Microsoft […]<\/p>\n","protected":false},"author":3,"featured_media":13258,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[67],"tags":[],"yoast_head":"\nMicrosoft Office vulnerabilities mean no .doc is safe - Digital Sentinel<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/digital-sentinel.com\/hack\/microsoft-office-vulnerabilities-mean-no-doc-safe\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Microsoft Office vulnerabilities mean no .doc is safe - Digital Sentinel\" \/>\n<meta property=\"og:description\" content=\"It’s an unsafe Office environment. Two cybersecurity firms have uncovered vulnerabilities in Microsoft […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/digital-sentinel.com\/hack\/microsoft-office-vulnerabilities-mean-no-doc-safe\/\" \/>\n<meta property=\"og:site_name\" content=\"Digital Sentinel\" \/>\n<meta property=\"article:published_time\" content=\"2017-09-20T08:41:40+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-02-01T11:39:52+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/digital-sentinel.com\/wp-content\/uploads\/imgingest-6089810038860411309.png\" \/>\n\t<meta property=\"og:image:width\" content=\"256\" \/>\n\t<meta property=\"og:image:height\" content=\"256\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"twitter:card\" content=\"summary\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Digital-Sentinel\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Organization\",\"@id\":\"https:\/\/digital-sentinel.com\/#organization\",\"name\":\"Digital Sentinel\",\"url\":\"https:\/\/digital-sentinel.com\/\",\"sameAs\":[],\"logo\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/digital-sentinel.com\/#logo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/digital-sentinel.com\/wp-content\/uploads\/Digital-Sentinel.gif\",\"contentUrl\":\"https:\/\/digital-sentinel.com\/wp-content\/uploads\/Digital-Sentinel.gif\",\"width\":613,\"height\":224,\"caption\":\"Digital Sentinel\"},\"image\":{\"@id\":\"https:\/\/digital-sentinel.com\/#logo\"}},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/digital-sentinel.com\/#website\",\"url\":\"https:\/\/digital-sentinel.com\/\",\"name\":\"Digital Sentinel\",\"description\":\"Profit Protection Technology\",\"publisher\":{\"@id\":\"https:\/\/digital-sentinel.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/digital-sentinel.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/digital-sentinel.com\/hack\/microsoft-office-vulnerabilities-mean-no-doc-safe\/#primaryimage\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/digital-sentinel.com\/wp-content\/uploads\/imgingest-6089810038860411309.png\",\"contentUrl\":\"https:\/\/digital-sentinel.com\/wp-content\/uploads\/imgingest-6089810038860411309.png\",\"width\":256,\"height\":256},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/digital-sentinel.com\/hack\/microsoft-office-vulnerabilities-mean-no-doc-safe\/#webpage\",\"url\":\"https:\/\/digital-sentinel.com\/hack\/microsoft-office-vulnerabilities-mean-no-doc-safe\/\",\"name\":\"Microsoft Office vulnerabilities mean no .doc is safe - Digital Sentinel\",\"isPartOf\":{\"@id\":\"https:\/\/digital-sentinel.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/digital-sentinel.com\/hack\/microsoft-office-vulnerabilities-mean-no-doc-safe\/#primaryimage\"},\"datePublished\":\"2017-09-20T08:41:40+00:00\",\"dateModified\":\"2020-02-01T11:39:52+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/digital-sentinel.com\/hack\/microsoft-office-vulnerabilities-mean-no-doc-safe\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/digital-sentinel.com\/hack\/microsoft-office-vulnerabilities-mean-no-doc-safe\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/digital-sentinel.com\/hack\/microsoft-office-vulnerabilities-mean-no-doc-safe\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/digital-sentinel.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Microsoft Office vulnerabilities mean no .doc is safe\"}]},{\"@type\":\"Article\",\"@id\":\"https:\/\/digital-sentinel.com\/hack\/microsoft-office-vulnerabilities-mean-no-doc-safe\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/digital-sentinel.com\/hack\/microsoft-office-vulnerabilities-mean-no-doc-safe\/#webpage\"},\"author\":{\"@id\":\"https:\/\/digital-sentinel.com\/#\/schema\/person\/78a25f0a40a470633a45d6c98b60f0b2\"},\"headline\":\"Microsoft Office vulnerabilities mean no .doc is safe\",\"datePublished\":\"2017-09-20T08:41:40+00:00\",\"dateModified\":\"2020-02-01T11:39:52+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/digital-sentinel.com\/hack\/microsoft-office-vulnerabilities-mean-no-doc-safe\/#webpage\"},\"wordCount\":352,\"publisher\":{\"@id\":\"https:\/\/digital-sentinel.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/digital-sentinel.com\/hack\/microsoft-office-vulnerabilities-mean-no-doc-safe\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/digital-sentinel.com\/wp-content\/uploads\/imgingest-6089810038860411309.png\",\"articleSection\":[\"Hack\"],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/digital-sentinel.com\/#\/schema\/person\/78a25f0a40a470633a45d6c98b60f0b2\",\"name\":\"Digital-Sentinel\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/digital-sentinel.com\/#personlogo\",\"inLanguage\":\"en-US\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/34ea0504bbaf2d4274b9488fb3281aa1?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/34ea0504bbaf2d4274b9488fb3281aa1?s=96&d=mm&r=g\",\"caption\":\"Digital-Sentinel\"},\"url\":\"https:\/\/digital-sentinel.com\/author\/digital-sentinel\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Microsoft Office vulnerabilities mean no .doc is safe - Digital Sentinel","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/digital-sentinel.com\/hack\/microsoft-office-vulnerabilities-mean-no-doc-safe\/","og_locale":"en_US","og_type":"article","og_title":"Microsoft Office vulnerabilities mean no .doc is safe - Digital Sentinel","og_description":"It’s an unsafe Office environment. Two cybersecurity firms have uncovered vulnerabilities in Microsoft […]","og_url":"https:\/\/digital-sentinel.com\/hack\/microsoft-office-vulnerabilities-mean-no-doc-safe\/","og_site_name":"Digital Sentinel","article_published_time":"2017-09-20T08:41:40+00:00","article_modified_time":"2020-02-01T11:39:52+00:00","og_image":[{"width":256,"height":256,"url":"https:\/\/digital-sentinel.com\/wp-content\/uploads\/imgingest-6089810038860411309.png","type":"image\/png"}],"twitter_card":"summary","twitter_misc":{"Written by":"Digital-Sentinel","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Organization","@id":"https:\/\/digital-sentinel.com\/#organization","name":"Digital Sentinel","url":"https:\/\/digital-sentinel.com\/","sameAs":[],"logo":{"@type":"ImageObject","@id":"https:\/\/digital-sentinel.com\/#logo","inLanguage":"en-US","url":"https:\/\/digital-sentinel.com\/wp-content\/uploads\/Digital-Sentinel.gif","contentUrl":"https:\/\/digital-sentinel.com\/wp-content\/uploads\/Digital-Sentinel.gif","width":613,"height":224,"caption":"Digital Sentinel"},"image":{"@id":"https:\/\/digital-sentinel.com\/#logo"}},{"@type":"WebSite","@id":"https:\/\/digital-sentinel.com\/#website","url":"https:\/\/digital-sentinel.com\/","name":"Digital Sentinel","description":"Profit Protection Technology","publisher":{"@id":"https:\/\/digital-sentinel.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/digital-sentinel.com\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"ImageObject","@id":"https:\/\/digital-sentinel.com\/hack\/microsoft-office-vulnerabilities-mean-no-doc-safe\/#primaryimage","inLanguage":"en-US","url":"https:\/\/digital-sentinel.com\/wp-content\/uploads\/imgingest-6089810038860411309.png","contentUrl":"https:\/\/digital-sentinel.com\/wp-content\/uploads\/imgingest-6089810038860411309.png","width":256,"height":256},{"@type":"WebPage","@id":"https:\/\/digital-sentinel.com\/hack\/microsoft-office-vulnerabilities-mean-no-doc-safe\/#webpage","url":"https:\/\/digital-sentinel.com\/hack\/microsoft-office-vulnerabilities-mean-no-doc-safe\/","name":"Microsoft Office vulnerabilities mean no .doc is safe - Digital Sentinel","isPartOf":{"@id":"https:\/\/digital-sentinel.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/digital-sentinel.com\/hack\/microsoft-office-vulnerabilities-mean-no-doc-safe\/#primaryimage"},"datePublished":"2017-09-20T08:41:40+00:00","dateModified":"2020-02-01T11:39:52+00:00","breadcrumb":{"@id":"https:\/\/digital-sentinel.com\/hack\/microsoft-office-vulnerabilities-mean-no-doc-safe\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/digital-sentinel.com\/hack\/microsoft-office-vulnerabilities-mean-no-doc-safe\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/digital-sentinel.com\/hack\/microsoft-office-vulnerabilities-mean-no-doc-safe\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/digital-sentinel.com\/"},{"@type":"ListItem","position":2,"name":"Microsoft Office vulnerabilities mean no .doc is safe"}]},{"@type":"Article","@id":"https:\/\/digital-sentinel.com\/hack\/microsoft-office-vulnerabilities-mean-no-doc-safe\/#article","isPartOf":{"@id":"https:\/\/digital-sentinel.com\/hack\/microsoft-office-vulnerabilities-mean-no-doc-safe\/#webpage"},"author":{"@id":"https:\/\/digital-sentinel.com\/#\/schema\/person\/78a25f0a40a470633a45d6c98b60f0b2"},"headline":"Microsoft Office vulnerabilities mean no .doc is safe","datePublished":"2017-09-20T08:41:40+00:00","dateModified":"2020-02-01T11:39:52+00:00","mainEntityOfPage":{"@id":"https:\/\/digital-sentinel.com\/hack\/microsoft-office-vulnerabilities-mean-no-doc-safe\/#webpage"},"wordCount":352,"publisher":{"@id":"https:\/\/digital-sentinel.com\/#organization"},"image":{"@id":"https:\/\/digital-sentinel.com\/hack\/microsoft-office-vulnerabilities-mean-no-doc-safe\/#primaryimage"},"thumbnailUrl":"https:\/\/digital-sentinel.com\/wp-content\/uploads\/imgingest-6089810038860411309.png","articleSection":["Hack"],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/digital-sentinel.com\/#\/schema\/person\/78a25f0a40a470633a45d6c98b60f0b2","name":"Digital-Sentinel","image":{"@type":"ImageObject","@id":"https:\/\/digital-sentinel.com\/#personlogo","inLanguage":"en-US","url":"https:\/\/secure.gravatar.com\/avatar\/34ea0504bbaf2d4274b9488fb3281aa1?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/34ea0504bbaf2d4274b9488fb3281aa1?s=96&d=mm&r=g","caption":"Digital-Sentinel"},"url":"https:\/\/digital-sentinel.com\/author\/digital-sentinel\/"}]}},"_links":{"self":[{"href":"https:\/\/digital-sentinel.com\/wp-json\/wp\/v2\/posts\/13257"}],"collection":[{"href":"https:\/\/digital-sentinel.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/digital-sentinel.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/digital-sentinel.com\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/digital-sentinel.com\/wp-json\/wp\/v2\/comments?post=13257"}],"version-history":[{"count":1,"href":"https:\/\/digital-sentinel.com\/wp-json\/wp\/v2\/posts\/13257\/revisions"}],"predecessor-version":[{"id":13336,"href":"https:\/\/digital-sentinel.com\/wp-json\/wp\/v2\/posts\/13257\/revisions\/13336"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/digital-sentinel.com\/wp-json\/wp\/v2\/media\/13258"}],"wp:attachment":[{"href":"https:\/\/digital-sentinel.com\/wp-json\/wp\/v2\/media?parent=13257"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/digital-sentinel.com\/wp-json\/wp\/v2\/categories?post=13257"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/digital-sentinel.com\/wp-json\/wp\/v2\/tags?post=13257"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}