Microsoft patches serious Word bug targeted by scammers

Microsoft patches serious Word bug targeted by scammers

A bug in Word that was apparently being used to try to steal banking logins will be patched, Microsoft has said.

The previously undetected, or "zero-day", vulnerability had been reported over the weekend.

Then, on 10 April, cybersecurity firm Proofpoint announced it had discovered an email campaign targeting the bug that aimed to distributed Dridex malware.

Dridex is designed to infect a victim's computer and snoop on banking logins.

In 2015, it was cited as the means by which cyber-attackers stole more than ?20m from British bank accounts.


The flaw discovered in many versions of Microsoft Word for Windows could allow malicious software, including Dridex, to be installed, according to cybersecurity researchers.

A scam email campaign was found to be distributing Microsoft Word RTF [Rich Text Format] documents to recipients that contained Dridex.

"During our testing (for example on Office 2010) the vulnerable system was fully exploited," wrote Proofpoint researchers in a blog.

"We plan to address this through an update on Tuesday April 11, and customers who have updates enabled will be protected automatically," said a Microsoft spokesman.

"Meanwhile we encourage customers to practise safe computing habits online, including exercising caution before opening unknown files and not downloading content from untrusted sources to avoid this type of issue."

Proofpoint also urged Microsoft Word users to install the security updates quickly.

"Because of the widespread effectiveness and rapid weaponisation of this exploit, it is critical that users and organisations apply the patch as soon as it becomes available," the firm said.



Add Comment

all comments

  Other news

more
Love Island star Olivia Attwood gives boyfriend Chris Hughes sex lessons  and praises herself as a good teacher

Love Island star Olivia Attwood gives boyfriend Chris Hughes sex lessons and praises herself..

20-Aug, 10:40

The Love Island star is still going strong with Chris Hughes weeks after...

Indian court grants woman divorce over lack of home toilet

Indian court grants woman divorce over lack of home toilet..

20-Aug, 12:40

An Indian woman has been granted permission to divorce her husband...

Erdogan critic Dogan Akhanli arrested in Spain

Erdogan critic Dogan Akhanli arrested in Spain..

19-Aug, 18:52

A German-Turkish writer who is a known critic of President Recep Tayyip...

Train derails as it departs London Paddington station

Train derails as it departs London Paddington station..

20-Aug, 11:10

Passengers had to be evacuated from a train after it derailed while...

FCC warns consumers about new 'Yes' phone scam

FCC warns consumers about new 'Yes' phone scam..

27-Mar, 21:50

The Federal Communications Commission is warning consumers about a new...

Hugh Jackman speaks out about the 'Logan' ending

Hugh Jackman speaks out about the 'Logan' ending..

06-Mar, 09:58

"Logan" topped the U.S. box office this weekend, pulling in more than $80...

Office supplies chain Staples sold for $6.9 billion

Office supplies chain Staples sold for $6.9 billion..

28-Jun, 18:00

Private equity firm Sycamore is buying office supplies chain Staples for...

Taliban leader killed in US airstrike

Taliban leader killed in US airstrike..

22-Apr, 10:59

A Taliban leader once known as a shadow governor of an Afghanistan...