www.office.com/setup Blogs: MICROSOFT WORD and Microsoft Office users have been warned about a new zero-day security flaw that enables hackers to remotely install malware on your PC, security McAfee has warned.
Microsoft Office is vulnerable to a dangerous new malware attack, renown anti-virus company McAfee has cautioned.
The security flaw enables cyber-criminals to covertly install malware on your PC.
The terrifying attack is possible thanks to a flaw in Microsoft’s Object, Linking and Embedding (OLE) technology, McAfee warned in a blog post.
The security company wrote: “The exploit works on all Microsoft Office versions, including the latest Office 2016 running on Windows 10.
“The earliest attack we have seen dates to late January.”
Hackers are using Microsoft Word documents (or more specifically, RTF files listed with a “.doc” extension) to trick people into opening the files.
The simple steps YOU need to take to avoid being hacked in an online scam
Mon, April 10, 2017
MAKE sure you are protected against the latest online attacks by following these simple steps.
Ensure you’re protected against online attacks by following these steps EXPRESS NEWSPAPERS • GETTY
1 of 13
Ensure you’re protected against online attacks by following these steps
No sooner than the file is opened, the PC will download a file that contains HTML application content which will enables the criminals full administrator rights on the victim’s machine.
This is how criminals are able to remotely execute malware on your device.
McAfee says it has been in contact with Microsoft about the security flaw in its Microsoft Office applications.
The Redmond-based technology company is expected to push-out an update to its apps that closes the flaw this week for its habitual Patch Tuesday bug release.
PC owners should always make sure their software is being supported by the manufacturer, and is up-to-date.
But in the meantime, what should Microsoft Office users do to avoid the virus?
The .hta content is disguised as a normal RTF file to evade security productsMCAFEE
The .hta content is disguised as a normal RTF file to evade security products
Well, anti-virus firm McAfee has a few suggestions to keep safe.
“Do not open any Office files obtained from untrusted locations,” the company warns.
“According to our tests, this active attack cannot bypass the Office Protected View, so we suggest everyone ensure that Office Protected View is enabled.”
To enable Office Protected View in your application, launch Microsoft Word.
Then navigate to File > Options > Trust Centre, then click on Trust Centre Options.
Click on Protected View, then check all of the three tick boxes listed beneath this option.
Hit OK to finalise the changes – and you should be protected against the latest malware attack.
The biggest cyber-attacks, hacks and data breaches
Sat, May 13, 2017
From viruses to data breaches, cyber-crime is far from a modern invention – here is Express.co.uk’s list of some of the biggest attacks in history.
14 of the biggest cyber-attacks GETTY IMAGES
1 of 15
14 of the biggest cyber-attacks, hacks and data breaches in history
14 of the biggest cyber-attacks
The NHS was hit by biggest ransomware attack
The news comes days after Israeli researcher Amihai Neiderman blasted the TizenOS operating system that powers the Samsung smartwatches as “the worst code” he had seen.
Mr Neiderman has skewered Samsung’s TizenOS, which powers the Gear S3 Frontier and a slew of other smart devices – including televisions and smartphones.
The Israeli researcher spoke to Motherboard ahead of a speech at the annual Security Analyst Summit held by Kaspersky Lab, revealing “It may be the worst code I’ve ever seen.”
“Everything you can do wrong there, they do it,” he added “You can see that nobody with any understanding of security looked at this code or wrote it.
“It’s like taking an undergraduate and letting him program your software.”
Tizen OS has been skewered, with one researcher blasting it as ‘the worst code’ he’d ever seenGETTY
Tizen OS has been skewered, with one researcher blasting it as ‘the worst code’ he’d ever seen
One of these vulnerabilities would allow a hacker to remotely seize control of a Samsung device running TizenOS.
Mr Neiderman says he was able to hijack the TizenStore app – Samsung’s version of Google Play Store – which is used to deliver apps and software updates to Tizen devices, to install malicious code to his device.
“You can update a Tizen system with any malicious code you want,” he said.