Sherrod DeGrippo, director of Emerging Threats at Proofpoint, told IT Pro that threat actors continue to demonstrate their flexibility and adaptability, rapidly taking advantage of new means of infecting users.
Security firm Proofpoint claims that the bug was being used in a large-scale email campaign that was distributing the Dridex banking trojan.
McAfee said it identified the attacks on Thursday and made a decision to release its advisory immediately, which appeared late on Friday.
Within your email filtering solution, such as Intermedia Email Protection, consider temporarily putting a policy in place to block Word documents until Microsoft releases the patch.
Microsoft did not respond to a request for comment over the weekend, but a Microsoft spokesperson said the company would try to fix the issue as part of today's planned Patch Tuesday.
For now, McAfee suggests users do not open Office files obtained from untrustworthy locations.
Experts from Proofpoint, a U.S. cybersecurity firm, said on 10 April (Monday) they had observed a widespread email campaign spreading the malware, building on previous warnings from companies McAfee and FireEye which first exposed the existence of the security flaw. Once the document is opened, it connects to an attacker-controlled server from which it downloads and executes its malicious payload. This results in the download of a malicious .hta file (HTML Application executable) on the victim's machine.
Always beware of phishing emails and spam, and of clicking malicious attachments.
The malware can be disguised as important files or documents sent over email, meaning a student's homework or an office presentation could be harboring the next attack. The attacker then gains the capability to remotely access the affected computer while evading Microsoft's memory-based security measures. The cybersecurity firm said it has informed Microsoft and is coordinating with the company to address the vulnerability.
He added that the successful exploit closes the bait Word document, and pops up a fake one to show the victim. "In the background, the malware has already been stealthily installed on the victim's system", McAfee said.
Users of Microsoft Office are being warned of a new zero-day security flaw that has been exploited since at least January.
Everyone should ensure that Office Protected View is enabled, as according to McAfee's tests this active attack cannot bypass Office Protected View. Even with Protected View enabled, users should remain vigilant.
In a stark example of how complicated coding can be, Microsoft recently received a huge blow when an unpatched vulnerability made it possible for hackers to send out malware that infected millions of users.