A new vulnerability in Microsoft Word allows attackers to bypass all the Anti-Malware Defences


A new vulnerability affecting Microsoft Word has been discovered by a group of researchers from Mimecast Research Labs, and Microsoft seems uninterested in patching it any time soon.

The researchers confirmed a bug that allows hackers to evade all security measures, such as anti-malware, on the target system. The flaw lies in the way Microsoft handles integer overflow errors in the OLE file format. A group of hackers based in Syria has exploited the OLE vulnerability to bypass all security measures.

The group was able to exploit this bug to circumvent many security solutions designed to protect data from infestation, including leading sandbox and anti-malware technologies.

The malware's code reveals that it is capable of visiting URLs, creating files and/or folders, running shell commands, and executing and ending programs. It can also steal information by logging keystrokes and mouse events.

Mimecast Research Labs has already informed Microsoft about the vulnerability, but the company said it’s not interested in fixing it right now.

Microsoft acknowledged it was unintended behavior, but declined to release a security patch at this time, as the issue on its own does not result in memory corruption or code execution. The issue may be fixed at a later date.

Via: Latest Hacking News
