An Office security vulnerability that was patched last year is still being used to infect unpatched computers.
Malicious documents exploiting the vulnerability have been appearing in the last few weeks:
SIMON WERNER GMBH - RFQ.doc
'security instructions' Visa.doc
выписка.doc
2017april.doc
While the files have .doc extensions, they are really .rtf files.
They are all variations on a flaw in Office that was patched back in October 2016. The security bug uses a crafted RTF file to cause memory corruption in Windows. That memory ‘hole’ lets the malware run programs on the computer.
The patched bug was in Word for Windows 2007 – 2016 and Word for Mac 2011 and 2016.
If you keep your Office software up to date, there’s no need for concern. The hackers are hoping to infect computers that aren’t patched.
It’s an example of a few points all Office users should know.
RTF files are not ‘safe’.
There’s a widespread belief that RTF (Rich Text Format) files are safe from infection or hacking because they don’t contain macros or code. In fact, RTF documents can be used to infect computers when the file is manipulated in non-standard ways, as with the memory corruption bug.
There’s a hacking toolkit called AKBuilder which only makes malicious RTF documents.
Beware .doc too
If you get a .doc file, take extra care. The newer and safer .docx format has been around for a decade and there’s no good reason for older .doc files to be used.
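One way to spot a .doc attachment that is really an RTF file is to compare the extension with the file's first bytes. The following is an added example, not code from the original article or from Sophos; the function names and the sample file names and contents are made up for illustration.

```python
import os

# Leading bytes of the three formats a Word document can arrive in.
OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy binary .doc
ZIP_MAGIC = b"PK\x03\x04"                        # .docx/.docm (ZIP container)
RTF_MAGIC = b"{\\rt"  # loose match (a choice made here) so "{\rtf1" variants still hit

# What each extension should contain.
EXPECTED = {".doc": "ole2", ".dot": "ole2", ".docx": "zip",
            ".docm": "zip", ".rtf": "rtf"}


def sniff_format(head: bytes) -> str:
    """Classify a file by its first bytes, ignoring its name."""
    if head.startswith(OLE2_MAGIC):
        return "ole2"
    if head.startswith(ZIP_MAGIC):
        return "zip"
    if head.startswith(RTF_MAGIC):
        return "rtf"
    return "unknown"


def check_attachment(filename: str, head: bytes) -> dict:
    """Compare what the extension promises with the real content."""
    ext = os.path.splitext(filename)[1].lower()
    actual = sniff_format(head)
    expected = EXPECTED.get(ext)
    return {
        "file": filename,
        "actual": actual,
        "mismatch": expected is not None and actual != expected,
        "rtf_in_disguise": actual == "rtf" and ext != ".rtf",
    }


def check_file(path: str) -> dict:
    """Same check for a file on disk; only the first 8 bytes are read."""
    with open(path, "rb") as fh:
        return check_attachment(os.path.basename(path), fh.read(8))


if __name__ == "__main__":
    # Constructed samples: names and contents are made up for this example.
    samples = [
        ("quote-request.doc", b"{\\rtf1\\ansi\\deff0 constructed body}"),
        ("old-report.doc", OLE2_MAGIC + b"\x00" * 8),
        ("letter.docx", ZIP_MAGIC + b"\x14\x00"),
        ("notes.rtf", b"{\\rtf1\\ansi plain}"),
    ]
    for name, head in samples:
        print(check_attachment(name, head))
```

A mismatch only shows that the file is not what its name claims; it is a reason to quarantine or inspect the attachment, not proof that it carries an exploit.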
Security patches should be installed
There’s plenty of reason to complain about Microsoft security patches: the delays in release, occasional bugs in the patches themselves, plus Microsoft’s slow and incomplete disclosure of those problems.
All those issues should not stop the installation of security patches. They help protect you against infected documents that might slip past anti-virus scans and your own caution before opening new documents.
Thanks to Sophos.com