Booby-trapped documents exploiting a critical zeroday vulnerability in Microsoft Word have been sent to millions people around the world in a blitz aimed at installing Dridex, currently one of the most dangerous bank fraud threats on the Internet.
As Ars reported on Saturday, the vulnerability is notable because it bypasses exploit mitigations built into Windows, doesn’t require targets to enable macros, and works even against Windows 10, which is widely considered Microsoft’s most secure operating system ever. The flaw is known to affect most or all Windows versions of Word, but so far no one has ruled out that exploits might also be possible against Mac versions. Researchers from security firms McAfee and FireEye warned that the malicious Word documents are being attached to e-mails, but didn’t reveal the scope or ultimate objective of the campaign.
ORIGINAL SOURCE: Arstechnica
The post Microsoft Word 0day Used to Push Dangerous Dridex Malware on Millions appeared first on IT SECURITY GURU.