Unpatched Office software still being used to attack computers


You might be forgiven for thinking that Microsoft Office isn’t so much software as a ‘trojan horse’ allowing hackers the opportunity to destroy, copy or ransom your valuable information.

That’s overkill, of course, but each week there’s yet another new attack on millions of computers relying on Microsoft Office.  If it’s not a newly found security bug in one of the Office programs, it’s a cunning trick taking advantage of an existing security hole.

Here’s the latest example of hackers taking advantage of the unpatched and unwary.

Zyklon

Zyklon malware has been around since 2016 but has been making a resurgence over the last few weeks.

It’s a multi-purpose nastie that can log your keystrokes (to get login details), copy passwords, start  distributed denial of service (DDoS) attacks and even mine cryptocurrency.  Zyklon “automatically detects and decrypts the licence/serial keys of more than 200 popular pieces of software, including Office, SQL Server, Adobe, and Nero”.

It’s reappearing on computers now courtesy of, you guessed it, security holes in Microsoft Office.

Three security bugs in Office are being leveraged in emails with infected .doc attachments.   Once the hackers have used Microsoft Word to gain access, they install Zyklon and can ‘go to town’ on your computer, data and privacy.

All three bugs, CVE-2017-8759, CVE-2017-11882 (Equation Editor) and one of the many DDE bugs, are used by the hackers in the latest attacks.  These bugs have already been patched by Microsoft.

What to do?

Hackers are counting on two things to make their attack work:

  • Unpatched copies of Microsoft Office. It’s important to keep all your copies of Office up to date.  Yes, it can be a PITA, especially for older versions of Office.  Yes, sometimes the patches themselves are faulty.  Better to protect yourself from known security holes before it’s too late.
  • Opening .doc files. It’s been ten years since the .docx, .xlsx etc. file formats came out.  There’s no good reason for a legitimate email to use old and suspect .doc, .xls or .ppt file attachments.  If you get a .doc file from someone you think is ‘real’, don’t open it.  Instead, reply and politely ask them to resend it as a .docx or .pdf.
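
For anyone who filters mail for others, the second point can be checked automatically. The sketch below is an added example, not code from this article or from Microsoft: it flags legacy Office attachments in a raw email by file name and by content, so a renamed file is still caught. It goes a little beyond the text by also flagging RTF content saved under another name; the function names and the sample message are constructed for illustration.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

LEGACY_EXT = {".doc", ".xls", ".ppt"}            # formats the article says to refuse
OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")   # container used by binary .doc/.xls/.ppt
RTF_MAGIC = b"{\\rtf"                             # RTF content (Word also opens RTF saved with a .doc name)

def classify(name, data):
    """Return why an attachment counts as a legacy Office file, or None."""
    ext = os.path.splitext(name)[1].lower()
    if data.startswith(OLE2_MAGIC):
        return "OLE2 compound file (legacy Office container)"
    if data.startswith(RTF_MAGIC) and ext != ".rtf":
        return "RTF content under a non-.rtf name"
    if ext in LEGACY_EXT:
        return "legacy extension " + ext
    return None

def legacy_attachments(raw_message):
    """List (filename, reason) for every legacy Office attachment in a raw email."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        reason = classify(name, data)
        if reason:
            findings.append((name, reason))
    return findings

def build_sample():
    """Constructed test message: attachment bodies are headers plus padding only."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", "Invoice"
    msg.set_content("See attached.")
    for name, body in [("invoice.doc", OLE2_MAGIC), ("report.docx", b"PK\x03\x04"),
                       ("notes.doc", RTF_MAGIC + b"1"), ("budget.xlsx", OLE2_MAGIC)]:
        msg.add_attachment(body + b"\x00" * 16, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reason in legacy_attachments(build_sample()):
        print(f"QUARANTINE {name}: {reason}")
```

The OLE2 header is shared by other compound files (for example .msi and .msg), so a hit means "hold and ask the sender to resend as .docx or .pdf", not "confirmed malicious".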