Microsoft releases Microsoft Office software patch updates to fix Vulnerable Email Issues.
As per reports, an email exploits called ‘Dridex’ zero-day exploit, was detected overnight which was potentially targeting Australian organizations. This led the tech giant Microsoft to urge its Users to update their Microsoft Office software. This exploit was patched by Microsoft on Wednesday morning. This was used in an email campaign which hit millions of email recipients from different organizations in Australia.
According to Bryan Burns, vice president of threat research at security firm Proofpoint, this exploits targeted millions of Australian recipients from different organizations because they were searching for opportunities and this small window gave them a vast opportunity before it was patched. Sending it on Tuesday morning gave a longer window of exploitation. This 0-day vulnerability is likely to have potential threats of weaponization with widespread effectiveness which alarms Users and Organizations to update Microsoft Patch as soon as possible.
The vulnerable emails sent used attachments with Microsoft Word Document. The attachments were named as “Scan—123456.doc” or “Scan—123456.pdf”, withIt included “Scan Data” as the subject line which looked fairly convincing. It represented as though it is a legitimate digital document from a printer or scanner.
According to the company’s director of emerging threats Sherrod DeGrippo, threat actors are using their adaptability to such new means and using it in a means to infect Users data.
“Although attacks relying on document exploits are increasingly uncommon, they certainly remain in attackers’ toolkits,” Mr DeGrippo said.
“New, exploitable vulnerabilities are often not readily available but, in this case, attackers obviously jumped at an opportunity to launch a large campaign that relied on this new exploit.”
These word Documents could majorly steal banking details. The malware when downloaded is made to create a fake document for the user to record user activities. Before the Microsoft office loophole was fixed the malicious emails were already sent to Australians.
Stay tuned for more Microsoft Product News.