Microsoft patches serious Word bug targeted by scammers

Microsoft patches serious Word bug targeted by scammers

A bug in Word that was apparently being used to try to steal banking logins will be patched, Microsoft has said.

The previously undetected, or "zero-day", vulnerability had been reported over the weekend.

Then, on 10 April, cybersecurity firm Proofpoint announced it had discovered an email campaign targeting the bug that aimed to distributed Dridex malware.

Dridex is designed to infect a victim's computer and snoop on banking logins.

In 2015, it was cited as the means by which cyber-attackers stole more than ?20m from British bank accounts.


The flaw discovered in many versions of Microsoft Word for Windows could allow malicious software, including Dridex, to be installed, according to cybersecurity researchers.

A scam email campaign was found to be distributing Microsoft Word RTF [Rich Text Format] documents to recipients that contained Dridex.

"During our testing (for example on Office 2010) the vulnerable system was fully exploited," wrote Proofpoint researchers in a blog.

"We plan to address this through an update on Tuesday April 11, and customers who have updates enabled will be protected automatically," said a Microsoft spokesman.

"Meanwhile we encourage customers to practise safe computing habits online, including exercising caution before opening unknown files and not downloading content from untrusted sources to avoid this type of issue."

Proofpoint also urged Microsoft Word users to install the security updates quickly.

"Because of the widespread effectiveness and rapid weaponisation of this exploit, it is critical that users and organisations apply the patch as soon as it becomes available," the firm said.



Add Comment

all comments

  Other news

more
Queen's University Belfast to launch first Irish satellite

Queen's University Belfast to launch first Irish satellite..

25-May, 10:16

Ireland is preparing to launch its first satellite in space, with the...

President Lenin Moreno takes office in Ecuador

President Lenin Moreno takes office in Ecuador..

24-May, 19:01

Ecuador's new President Lenin Moreno has taken office, pledging to...

Ariana Grande Manchester terror attack victim Alison Howe's husband Steve Howe gives emotional phone interview on Good Morning Britain: 'I cant even describe the pain!'

Ariana Grande Manchester terror attack victim Alison Howe's husband Steve Howe gives emotional..

25-May, 04:11

On Monday night 22 people were killed and more than 59 people were...

Fever-Tree founder toasts ?73m share sale

Fever-Tree founder toasts ?73m share sale..

25-May, 07:52

One of the co-founders of upmarket mixer drinks maker Fever-Tree has...

Israel lauds US security ties following Trump disclosures

Israel lauds US security ties following Trump disclosures..

17-May, 06:48

Israeli officials on Wednesday sought to downplay any damage caused by...

2 dead, 10 missing, dozens injured in storms in south Brazil

2 dead, 10 missing, dozens injured in storms in south Brazil..

12-Mar, 19:22

Brazilian authorities say two people died and more than 10 are missing...

Mission nearly impossible this spring: Finding a home to buy

Mission nearly impossible this spring: Finding a home to buy..

10-Apr, 03:24

Anyone eager to buy a home this spring probably has reasons to feel good....

Express Scripts expects to lose biggest customer after 2019

Express Scripts expects to lose biggest customer after 2019..

24-Apr, 19:40

Shares of Express Scripts Holding Co. tumbled in extended trading Monday...