Microsoft Office users have been talking about the OLE integer overflow bug that allows malicious code to bypass sandboxes and anti-malware solutions on targeted PCs. Many would like to know if they are at risk and what they can do to protect their privacy.
Can It Be Unsafe to Use Microsoft Word?
Are Microsoft Word bugs dangerous? – That’s the million-dollar question. The answer is that the bugs in themselves are not dangerous but can be exploited by attackers.
There’s a bug in the way Microsoft Office handles the OLE file format – the OLE32.dll library does not handle integer overflows correctly.
A group of attackers, believed to be of Serbian origin, have taken advantage of this to deliver a new version of the JACKSBOT malware into the system of unsuspecting Microsoft Word users.
What they did was create special Word documents that use the OLE Integer Overflow bug to exploit the memory corruption vulnerability in Microsoft Word (the Equation Editor vulnerability). They are then able to gain remote administrative control of the Office account.
This way, they deliver malware that bypasses security firewalls in the PC and leaves users unaware that their system has been compromised.
The JACKSBOT malware can take complete control of the system. It has full-service espionage capabilities to:
- Create files and/or folders.
- Transfer files.
- Execute/end programs.
- Collect user and general system information.
- Collect keystrokes.
- Steal cached passwords and collect data from web forms.
- Record video and take pictures from a webcam.
- Record sound from the microphone.
- Take screenshots.
- Steal cryptocurrency wallet keys.
- Steal VPN certificates.
- Manage SMS for Android devices.
Although the Equation Editor vulnerability that these attackers exploit was patched 15 months ago, as part of the November 2017 Patch Tuesday, many users have yet to install the patch and remain exposed to this threat.
It is believed that the Integer Overflow bug can be used to deliver any payload into an OLE file. This means that various other vulnerabilities that may yet exist in Word can also be exploited. Attackers may find ways to mask still-to-be-found zero day exploits.
On the question of creating a security update to fix the Integer Overflow bug, Microsoft has stated that the issue does not meet the severity bar for servicing, since the bug by itself does not result in memory corruption or code execution.
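An added illustration of this bug class, not code from the article, Microsoft or OLE32.dll (whose internals the article does not describe): it assumes the sector-to-offset formula from the public MS-CFB compound file specification and shows how unchecked 32-bit arithmetic wraps to an offset inside the file without corrupting memory, next to a checked version. The function names and sample values are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* MS-CFB: sector numbers above MAXREGSECT are reserved markers, not data. */
#define MAXREGSECT 0xFFFFFFFAu

/* Unchecked: sector N starts at (N + 1) << shift, computed in 32 bits,
 * so a large N silently wraps modulo 2^32. */
uint32_t sector_offset_unchecked(uint32_t sector_id, uint32_t shift)
{
    return (sector_id + 1u) << shift;
}

/* Checked: compute in 64 bits and require the whole sector to lie
 * inside the file. Returns false for anything a parser should reject. */
bool sector_offset_checked(uint32_t sector_id, uint32_t shift,
                           uint64_t file_size, uint64_t *offset_out)
{
    if (shift != 9 && shift != 12)      /* 512- or 4096-byte sectors only */
        return false;
    if (sector_id > MAXREGSECT)
        return false;
    uint64_t sector_size = 1ull << shift;
    uint64_t offset = ((uint64_t)sector_id + 1) << shift;
    if (offset > file_size || file_size - offset < sector_size)
        return false;
    *offset_out = offset;
    return true;
}

int main(void)
{
    /* Constructed values: a 4096-byte file and an out-of-range sector id. */
    uint32_t bogus = 0x00800001u;
    uint64_t off = 0;
    printf("unchecked: sector 0x%08x -> offset %u\n",
           (unsigned)bogus, (unsigned)sector_offset_unchecked(bogus, 9));
    printf("checked:   %s\n",
           sector_offset_checked(bogus, 9, 4096, &off) ? "accepted" : "rejected");
    return 0;
}
```

A document whose sector numbers fail the checked version does not conform to the format, so a mail gateway or scanner can flag it before it is opened in Office.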
How to Keep Safe from Critical Bug Affecting Microsoft Office
According to Microsoft’s security advisory, the memory corruption vulnerability, which is tracked as CVE-2017-11882, affects only unpatched Office 2016, Office 2013 Service Pack 1, Office 2010 Service Pack 2, and Office 2007 Service Pack 3.
To protect your PC, all you have to do is install the bug patch for Equation Editor. That is the only way to avoid the exploit and keep your PC safe.
However, some users believe that disabling admin rights for Microsoft Office can protect your PC from attackers who may be able to find and exploit future vulnerabilities.
For the general safety of your PC, always make sure you keep your anti-malware protection up to date to stop the activity of malicious items you may not suspect are present. Proactive measures are important.
Auslogics Anti-Malware runs comprehensive analysis on your PC to:
- Discover malicious programs that could be running.
- Analyse auto-start items and suspicious entries in the registry.
- Check temporary folders for security issues.
- Scan browser extensions to prevent data leaks.
- Detect cookies that track your activities and collect your personal data.
This tool catches items your antivirus could miss.