Decades-old Microsoft Office Vulnerability Used to Deliver Malware

  • CERT Admin
  • Fri Apr 10 2020
  • Alerts

Threat Level 

High 

Overview 

During the COVID-19 crisis, cybercriminals are busy running scams and delivering malware, using the attention-getting virus as a lure.

Description 

According to a United States Secret Service (USSS) advisory, attackers are exploiting a two-decade-old Microsoft Office memory corruption vulnerability (CVE-2017-11882), for which Microsoft released a security patch in November 2017.

An attacker sends a phishing email disguised as coming from a hospital. The email contains a malware-infected attachment, mostly a Microsoft Office document such as an Excel file or a Word document. The malware becomes active when the victim opens the attachment.

The malware is capable of stealing credentials, opening shares on networks, viewing all files and folders, and discovering and taking cryptographic information.

The attacker may also send an email with an .EXE file disguised as a PDF file, fooling recipients into believing that they are opening a PDF file containing a list of needed supplies.
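
A mail-filter check for the disguised-executable case described above, as an added example that is not part of the original advisory: it flags attachments whose first bytes are a Windows executable header under a non-executable name, and names where a document extension is followed by an executable one. The sample message, addresses, extension lists and function names are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Well-known leading bytes: "MZ" opens a Windows PE file, "%PDF-" a PDF.
MAGIC = {b"MZ": "windows-executable", b"%PDF-": "pdf"}
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx"}

def sniff(payload: bytes) -> str:
    """Return the file type implied by the payload's first bytes."""
    for magic, kind in MAGIC.items():
        if payload.startswith(magic):
            return kind
    return "unknown"

def extensions(filename: str) -> list[str]:
    """Lowercased suffixes in order: 'a.pdf.exe' -> ['.pdf', '.exe']."""
    return ["." + p.strip() for p in filename.lower().split(".")[1:]]

def audit_attachments(raw: bytes) -> list[tuple[str, str]]:
    """Return (filename, reason) for each attachment that looks disguised."""
    findings = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        exts, kind = extensions(name), sniff(payload)
        if kind == "windows-executable" and (not exts or exts[-1] not in EXECUTABLE_EXTS):
            findings.append((name, "executable content behind a non-executable name"))
        elif len(exts) > 1 and exts[-1] in EXECUTABLE_EXTS and exts[-2] in DOCUMENT_EXTS:
            findings.append((name, "double extension hiding an executable"))
    return findings

def build_sample() -> bytes:
    """Constructed test message; the payloads are short stubs, not real files."""
    msg = EmailMessage()
    msg["From"] = "supplies@hospital.example"
    msg["Subject"] = "List of needed supplies"
    msg.set_content("Please see the attached list.")
    for name, data in (
        ("supplies.pdf", b"MZ\x90\x00stub"),           # PE header, PDF name
        ("supplies_list.pdf.exe", b"MZ\x90\x00stub"),  # double extension
        ("schedule.pdf", b"%PDF-1.4 stub"),            # consistent, not flagged
    ):
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    print(audit_attachments(build_sample()))
```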

Impact

  ✻  Losing control of your Windows PC
  ✻  Theft of credentials and personal information
  ✻  If the same password is used on other applications or computers in the same network, all of those devices can be compromised
  ✻  Possible malware infections, including ransomware

Solution/Workarounds

  ✻  Update the Microsoft Office package
  ✻  Update the operating system with the latest security patch
  ✻  Never open email attachments unless you know the sender
  ✻  Refrain from clicking unknown links

References 

  ✻  https://www.csoonline.com/article/3536696/us-secret-service-warns-of-malicious-emails-offering-covid-19-information.html 

Disclaimer 

The information provided herein is on an "as is" basis, without warranty of any kind.

Last updated: Fri Apr 10 2020