Old MS Office feature can be exploited to deliver, execute malware

No kidding. Damn...

A Microsoft Office functionality that has been in use since the early 1990s can be exploited to deliver malicious, executable files to users without triggering widely used security software, claims security researcher Kevin Beaumont.

The feature in question is the OLE Packager, which allows content (even executable content such as .exe or .js files) to be embedded in Office documents.

Beaumont says he contacted Microsoft about this in March and shared with them that threat actors were experimenting with it in the wild (he doesn't say how he found that out).

"At the time they asked me not to post information about the problem online. They have not addressed the problem, and believe it is a feature of Office," he noted, and presumably finally decided to disclose the existence of the problem with the wider public. 

Read more... 

Da Boss!

Website: www.digitalsmind.com Email: This email address is being protected from spambots. You need JavaScript enabled to view it.

Latest Content

Visit the Digitalsmind Video YouTube Page!

Did you know we have a video page on YouTube? 

Well... WE DO! 

Check us out! 

- Our Video page.