Old MS Office feature can be exploited to deliver, execute malware

No kidding. Damn...

A Microsoft Office functionality that has been in use since the early 1990s can be exploited to deliver malicious, executable files to users without triggering widely used security software, claims security researcher Kevin Beaumont.

The feature in question is the OLE Packager, which allows content (even executable content such as .exe or .js files) to be embedded in Office documents.

Beaumont says he contacted Microsoft about this in March and shared with them that threat actors were experimenting with it in the wild (he doesn't say how he found that out).

"At the time they asked me not to post information about the problem online. They have not addressed the problem, and believe it is a feature of Office," he noted, and presumably finally decided to disclose the existence of the problem with the wider public. 

Read more... 

Da Boss!

Website: www.digitalsmind.com Email: This email address is being protected from spambots. You need JavaScript enabled to view it.

Latest Content

  • Snag-It 2018 - Best Screen Capture Tool - PERIOD!
    Written by

    Da Boss!

    Snag-It 2018 - Best Screen Capture Tool - PERIOD! Well, it's almost here but I was graced by the…
    Read more...
  • Windows 10 Fall Creators Update: Lots of small changes—and maybe the revolution
    Written by

    Da Boss!

    Windows 10 Fall Creators Update: Lots of small changes—and maybe the revolution Hopefully this one will go a little smoother than the…
    Read more...
  • VirtualBox 5.1.30
    Written by

    Da Boss!

    VirtualBox 5.1.30 If you are looking for a VM program\utility that can…
    Read more...
  • Microsoft employees can now work from tree houses
    Written by

    Da Boss!

    Microsoft employees can now work from tree houses Damn...can't seem to find my resume. How freaking cool would…
    Read more...
  • US CERT advisory: severe flaw in popular WiFi security protocol WPA2 leaves WiFi traffic open to eavesdropping, connection hijacking, and malicious injection
    Written by

    Da Boss!

    US CERT advisory: severe flaw in popular WiFi security protocol WPA2 leaves WiFi traffic open to eavesdropping, connection hijacking, and malicious injection And I haven't even finished my first cup of coffee…
    Read more...

Visit the Digitalsmind Video YouTube Page!

Did you know we have a video page on YouTube? 

Well... WE DO! 

Check us out! 

- Our Video page.