How to protect your PC from Microsoft Word vulnerabilities?

By Tobenna Nnabeze | March 14, 2019


Microsoft Office users have been talking about the OLE integer overflow bug that allows malicious code to bypass sandboxes and anti-malware solutions on targeted PCs. Many would like to know if they are at risk and what they can do to protect their privacy.

Can It Be Unsafe to Use Microsoft Word?

Are Microsoft Word bugs dangerous? That’s the million-dollar question. The answer is that the bugs in themselves are not dangerous but can be exploited by attackers.

There’s a bug in the way Microsoft Office handles the OLE file format: the OLE32.dll library does not handle integer overflows correctly.

A group of attackers, believed to be of Serbian origin, have taken advantage of this to deliver a new version of the JACKSBOT malware into the system of unsuspecting Microsoft Word users.

What they did was create special Word documents that use the OLE Integer Overflow bug to exploit the memory corruption vulnerability in Microsoft Word (the Equation Editor vulnerability). They are then able to gain remote administrative control of the Office account.

This way, they deliver malware that bypasses security firewalls in the PC and leaves users unaware that their system has been compromised.

The JACKSBOT malware can take complete control of the system. It has full-service espionage capabilities to:

  • Create files and/or folders.
  • Transfer files.
  • Execute/end programs.
  • Collect user and general system information.
  • Collect keystrokes.
  • Steal cached passwords and collect data from web forms.
  • Record video and take pictures from a webcam.
  • Record sound from the microphone.
  • Take screenshots.
  • Steal cryptocurrency wallet keys.
  • Steal VPN certificates.
  • Manage SMS for Android devices.

Although the Equation Editor vulnerability that these attackers exploit was patched 15 months ago, as part of the November 2017 Patch Tuesday, many users have yet to install the patch and remain exposed to this threat.


It is believed that the Integer Overflow bug can be used to deliver any payload into an OLE file. This means that various other vulnerabilities that may yet exist in Word can also be exploited. Attackers may find ways to mask still-to-be-found zero-day exploits.

On the question of creating a security update to fix the Integer Overflow bug, Microsoft has stated that the issue does not meet the severity bar for servicing, since the bug by itself does not result in memory corruption or code execution.

How to Keep Safe from Critical Bug Affecting Microsoft Office

According to Microsoft’s security advisory, the memory corruption vulnerability, which is tracked as CVE-2017-11882, affects only unpatched Office 2016, Office 2013 Service Pack 1, Office 2010 Service Pack 2, and Office 2007 Service Pack 3.

To protect your PC, all you have to do is install the bug patch for Equation Editor. That is the only way to avoid the exploit and keep your PC safe.
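While the patch is being rolled out, incoming documents can be triaged for embedded Equation Editor objects. The following is an added example, not code from the original article or from Microsoft: it walks the directory of an OLE compound file with bounds checks and flags the Equation Editor 3.0 class ID or its `Equation Native` stream. Both identifiers and all function names are assumptions that do not appear in the article.

```python
import struct
import uuid

CFB_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")
ENDOFCHAIN = 0xFFFFFFFE
# Assumed public Microsoft identifiers for Equation Editor 3.0 (not from the article)
EQUATION_CLSID = uuid.UUID("0002CE02-0000-0000-C000-000000000046")
EQUATION_STREAM = "Equation Native"

def directory_entries(data):
    """Return [(name, clsid)] for each directory entry of an OLE compound file."""
    if len(data) < 512 or data[:8] != CFB_MAGIC:
        raise ValueError("not an OLE compound file")
    shift, = struct.unpack_from("<H", data, 30)
    if shift not in (9, 12):  # only 512- and 4096-byte sectors are valid
        raise ValueError("invalid sector shift")
    ssize = 1 << shift
    n_fat, dir_start = struct.unpack_from("<II", data, 44)

    def sector(n):
        chunk = data[(n + 1) * ssize:(n + 2) * ssize]
        if len(chunk) != ssize:  # sector number points outside the file
            raise ValueError("sector out of range")
        return chunk

    fat = []  # simplification: only the 109 DIFAT slots in the header are followed
    for s in struct.unpack_from("<109I", data, 76)[:n_fat]:
        fat.extend(struct.unpack(f"<{ssize // 4}I", sector(s)))
    entries, seen, s = [], set(), dir_start
    while s != ENDOFCHAIN:
        if s in seen or s >= len(fat):  # cyclic or dangling chain
            raise ValueError("corrupt directory chain")
        seen.add(s)
        sec = sector(s)
        for off in range(0, ssize, 128):
            nlen, etype = struct.unpack_from("<HB", sec, off + 64)
            if etype and 2 <= nlen <= 64:  # skip unused slots and bad name lengths
                name = sec[off:off + nlen - 2].decode("utf-16-le", "replace")
                entries.append((name, uuid.UUID(bytes_le=sec[off + 80:off + 96])))
        s = fat[s]
    return entries

def has_equation_object(data):
    """Triage signal: the file contains an Equation Editor 3.0 object."""
    return any(name == EQUATION_STREAM or clsid == EQUATION_CLSID
               for name, clsid in directory_entries(data))
```

Call `has_equation_object()` on the raw bytes of a legacy `.doc` file or of an OLE object extracted from a `.docx` or RTF container; those containers are not compound files themselves and raise `ValueError` here. A hit means the document needs a closer look, not that it is malicious.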

However, some users believe that disabling admin rights for Microsoft Office can protect your PC from attackers who may be able to find and exploit future vulnerabilities.

For the general safety of your PC, always make sure you keep your anti-malware protection up to date to stop the activity of malicious items you may not suspect are present. Proactive measures are important.

Auslogics Anti-Malware runs comprehensive analysis on your PC to:

  • Discover malicious programs that could be running.
  • Analyse auto-start items and suspicious entries in the registry.
  • Check temporary folders for security issues.
  • Scan browser extensions to prevent data leaks.
  • Detect cookies that track your activities and collect your personal data.

This tool catches items your antivirus could miss.

We hope you have found this information useful…

Do leave a comment in the section below.
