Phishing scams that trick unsuspecting users into opening nefarious files are nothing new, and attackers have been using weaponized documents for just about as long. This week, I had the pleasure of being featured on Milton Security’s blog to talk about a new attack that was spotted as early as last year and was finally patched by Microsoft in April. I went over CVE-2017-0199, a vulnerability that affected Windows-based machines using Microsoft Word and the default built-in WordPad, and that enabled an attacker to send a malicious RTF file that would execute an HTA file remotely without any user interaction besides opening the file. I went over how to create the file using Metasploit, a Python script, and finally just Microsoft Word itself, editing the file to make it autorun. Spear-phishing attacks could allow the attacker to send these files to their victims in a spoofed email and gain a foothold in the victim’s network if they weren’t properly patched; the article also covers how to mitigate this towards the end. So head over there and check it out: https://www.miltonsecurity.com/company/blog/analysis-cve-2017-0199-ms-word-threats-are-back