Severe Zero-Day Vulnerability Targets Clients
A new Microsoft Office vulnerability puts million of its clients at risk of being attacked by dark web hackers. As the creator of the most utilized software, the tech giant has become the most targeted Internet businesses with daily hacking campaigns launched by threat actors. Thus, even a tiny security flaw could be infiltrated by criminal hackers. Recently, its cyber analysts’ team has tracked a high increase in remote code execution attacks launched against the Microsoft brand.
According to the cyber researchers, the vulnerability recorded as a Zero-day bug has already gained notoriety with the hacking community. By exceeding the zero-day allow to fix the problem; it is now being actively exploited through targets on Microsoft Office programs.
The significantly intrusive vulnerability was discovered by a security researcher alias Crazymanarmy, who is an analyst with the Shadow Chaser Group. Further investigation shows that the cyber security team revealed that a hacker can potentially launch remote code execution attacks by exploiting popularly used Microsoft files or documents.
Zero-day in Microsoft Office
The tracked vulnerability provides the loophole through which maliciously generated codes are injected into Microsoft Office files like Words and Excel files. In addition, the independent Nao Sec cyber security group identified the significant increase in hacking campaigns after the revelation of the latest Microsoft vulnerability loophole.
With the constant Zero-day exposures made public by cyber analysts, criminal hackers are constantly pooling their list of companies to target in their phishing scams. A warning has been issued advising consumers to watch out for already exploited weaknesses, this was after a malicious Word file was sent from Belarus to VirusTotal.
The latest scam dubbed Riddles of a Severe Zero-Day Vulnerability with Microsoft Office program, not only allows consumers to create important documents and files, but now the discovered security flaw could give hackers a remote entryway to execute dangerous codes on the computer system networks of Microsoft clients.
According to researchers, the vulnerability is quite significant as the Zero-day vulnerability in Microsoft Office now has a CVSS score of 7.8, which was achieved during the latest testing by the software company.
Furthermore, currently, no permanent solution was issued to fix the problem. However, the Microsoft cyber security team suggested a temporary fix, which includes disabling the MSDT URL Protocol and the “Preview” tab in Windows Explorer. Both files are reportedly the catalyst through which hackers can infiltrate the current Zero-day vulnerability.