Microsoft has not released update patches for this bug
Network security and ethical hacking specialists from the International Institute of Cyber Security report the emergence of a new vulnerability in Microsoft Word. This vulnerability allows attackers to dodge detection of antivirus software during exploitation. It seems that Microsoft had knowledge of this failure for some time, but did nothing to correct it.
The vulnerability exists by how to manage integer overflow errors in Word in OLE format. In conjunction with another Memory Corruption Vulnerability (identified as CVE-2017-11882) previously corrected.
Network security experts discovered that a group of hackers was actively exploiting this vulnerability, possibly from Serbia. Hackers used Word documents to exploit the vulnerability in OLE, thus bypassing detection.
Supposedly, the agents loaded a malware called JACKSBOT on the attacked systems. This malware allows attackers to gain full access to the victim machine, report network security specialists. “The malware code reveals that it is capable of accessing URLs, creating files and folders, executing shell commands and running and ending programs”, experts mentioned.
The investigators reported the vulnerability to Microsoft and, although the company recognized the failure, has refused to correct the vulnerability. “Microsoft refused to launch a security patch for the time being, as the error does not generate memory corruption or code execution by itself”, the experts mentioned.
The vulnerability has not yet been corrected, so its exploitation in real scenarios is still possible.
Information security specialist, currently working as risk infrastructure specialist & investigator.
15 years of experience in risk and control process, security audit support, business continuity design and support, workgroup management and information security standards.