CyberIntro

Unpatched MS Word Flaw Could Allow Hackers to Infect Your Computer

One way or another, hackers are always trying their best to get inside your system and get access to all of your data. Now, cybersecurity researchers have found another flaw in Microsoft Office Word 2016 and its older versions that allows attackers to get into your system by tricking users into running malware on their computers. Discovered by researchers at Cymulate, the bug abuses the ‘Online Video’ option in Word documents, a feature that allows users to embed an online video with a link to YouTube.

When a user adds an online video link to an MS Word document, the Online Video feature automatically generates an HTML embed script, which is executed when the viewer clicks the thumbnail inside the document. According to the researchers, the configuration file called ‘document.xml’, a default XML file used by Word that contains the generated embedded-video code, can be edited to replace the current video iFrame code with any HTML or JavaScript code, which would then run in the background.

In simple words, an attacker can exploit the bug by replacing the actual YouTube video with a malicious one that would get executed by the Internet Explorer Download Manager. The researchers reported the bug to Microsoft, but the company didn’t take it seriously, so they demonstrated a proof of the hack publicly. Even then, the company still refused to consider it a security vulnerability. Apparently, Microsoft has no plans to fix the issue and says its software is “properly interpreting HTML as designed.” Meanwhile, the researchers recommend that you not download any anonymous attachment sent to you over email from suspicious or unknown users, and that you be cautious when opening any document file.
