Russian Hackers Weaponize Microsoft Office Bug in Just 3 Days
APT28's attacks rely on specially crafted Microsoft Rich Text Format (RTF) documents to kick off a multistage infection chain to deliver malicious payloads.
Microsoft Office is a productivity software suite whose documents, add-ins, and vulnerabilities can expose data and compromise enterprise systems.
Search across headline titles and summaries.
Background for this topic.
Microsoft Office is a suite of productivity applications including Word, Excel, PowerPoint, and Access, delivered as desktop software and, in many environments, through Microsoft 365 services. Its files are common in business workflows, so Office security advisories, file-format changes, and configuration guidance can affect a broad range of users and systems.
Office documents can carry malicious macros, embedded objects, templates, or links, and vulnerabilities in an application or document parser may enable code execution when a file is opened or previewed. Useful controls include timely patching, restricting macros to trusted, signed sources, using Protected View, and inspecting attachment and download provenance. Cloud use adds security responsibilities around identity, external sharing, delegated application access, and retention of sensitive documents; monitoring sign-ins and sharing events helps distinguish an exploited endpoint from an account or configuration problem.
Weekly headline count for the current query.
APT28's attacks rely on specially crafted Microsoft Rich Text Format (RTF) documents to kick off a multistage infection chain to deliver malicious payloads.
The creators of the toolkit are advertising it as an educational and ethical resource, but what it promises to provide users if purchased indicates it's anything but.
Windows users are at risk for full device takeover by an emerging malicious version of the Remcos remote admin tool, which is being used in an ongoing campaign exploiting a known remote code execution (RCE) vulnerability in Microsoft Office and WordPad.
The cyber campaign uses social engineering and sophisticated evasion tactics, including a novel malware-delivery method, to compromise hundreds of Microsoft Office users.
Malicious attachments that exploit an RCE flaw from 2017 are propagating Agent Tesla via socially engineered emails and an evasive infection method.
The default email encryption used in Microsoft Office's cloud version is leaky, which the company acknowledged but said it wouldn't fix.
The most heavily targeted flaw last quarter was a remote code execution vulnerability in Microsoft Office that was disclosed and patched four years ago.
The malware is using spreadsheets, documents, and other types of Microsoft Office attachments in a new and improved version that is often able to bypass email gateway-security scanners.