Microsoft has been quick to release its solution for a flaw in Microsoft Word that is being exploited by cyber criminals.
The ‘zero-day’ security hole, which was previously unrecognised, was found by members of the security team at Google, who subsequently reported it to Microsoft. The bug enables cyber criminals to exercise the privileges granted to the rightful user, and therefore have access to corporate networks.
The exploit functions by tricking Word users into opening a doctored RTF (Rich Text Format) file, worryingly though as many versions of Outlook use Word to also preview these files, the vulnerability is capable of infecting users without the need to even click on a link or open an attachment.
Adrian Culley, a security expert who acts as a technical consultant for Damballa, thinks that cyber criminals have been using the bug for quite some time.
Speaking to SCMagazineUK.com, he said:
“This vulnerability gives an attacker full access to the machine at the same privilege level as the current user and has been in the wild for some time. Unfortunately the term zero-day is rarely very helpful, as it begs the question zero-day for whom? Certainly not for the attacker who, more often than not, may have been exploiting particular vulnerabilities for months if not years.”
Not every business is lucky enough to have the likes of Culley on its side, but the news does highlight the need for firms to ensure they have the right personnel in place to combat activities that take advantage of such flaws. Sometimes, in addition to regular security staff, it is wise to offer information security contract jobs to those with specialist knowledge of a particular threat that the company may be exposed to. In the meantime, businesses can breathe a sigh of relief, knowing that it is once again safe to use Word.
Send us your CV and have our recruiters match you to the ideal opportunities
Do you already have an account with us?
Log inWant to have an account with us?
RegisterWant to just send us your CV?
By submitting your registration and CV to us you are agreeing to join our database and to be contacted about relevant jobs industry communications. Please read our terms of business for more information.