A vulnerability in Microsoft Office software allows hackers to potentially take control of your computers and systems. A remote code execution flaw exists in Microsoft Office when the software fails to properly handle objects in memory. Microsoft address this security flaw with a new security update. However, this flaw is apparently 17 years old.
Researchers have discovered that attackers have already exploited the flaw prior to some users installing the security update. Hackers are hoping to install malware on victims devices. Hackers who successfully exploit this flaw could take control of the affected system if the user has administrative rights. The hacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
There are two ways this attack can happen:
E-MAIL:
Attackers will send an attachment via email and try to convince you to download it. Once you open the attachment, the affected software will attack this vulnerability.
Hackers can also send you a link and try to entice you to click on the link. This link will contain a corrupted file designed to target your Microsoft vulnerability.
WEB-BASED:
The cyber attacker will host a website or upload content to a website that accepts user provided content. This content will contain a file designed to exploit the Microsoft Vulnerability. Since you cannot force people to a website, hackers will often try to entice you to click on the link with the file.
How To Protect Your Business:
- Anti-Virus:
Ensure that ALL of your workstations and network connected devices have up to date anti virus software installed. This is one of your first lines of defense should an attack occur. - Install Your Security Update!
If you have been ignoring the pop up window telling you to update your computer, it’s time to stop ignoring it. Microsoft rolled out an update to fix the vulnerability. Install the update to prevent an attack. - Hosted Exchange:
Hosted exchange allows a third party to host your email messages. This means you are protected by the third party’s protective measures. - Never open or download an unknown email attachment.
If you receive an email from someone you don’t know, don’t open it. If you receive an email from someone you do know, and it looks suspicious, ask them before you open an attachment or click on links inside.
Datasmith encourages everyone to check their current security measures. We are available to check and make sure you are protected against this Microsoft vulnerability. Contact us immediately to ensure this threat doesn’t shut down your business.
