STE WILLIAMS

New Office attack flops but shows how easily crooks weaponise vulns

A new Microsoft Office attack that combines two previously known exploits is doing the rounds.

Security firm Cisco Talos believes that this could be a precursor to, or a test of, a new method intended to avoid detection.

The attack, which aims to execute remote code within Microsoft Office, combines CVE-2017-0199 (one of the most common vulnerabilities exploited by malicious documents distributed in spamming campaigns) and CVE-2012-0158.

Talos reckons that the hackers used the combination to avoid Word displaying a prompt that may raise the end user’s suspicions. Another possibility is that they attempted to avoid security defences that may trigger on the combination of OLE2Link in a Word document and the download of an HTA file.

The attack was unsuccessful, indicating “poor testing or quality control procedures”, Talos said. However, this does show a level of experimentation by crooks seeking to use CVE-2017-0199 as a means to launch additional weaponised file types and avoid user prompts.

“This attack may have been an experiment that didn’t quite work out, or it may be an indication of future attacks yet to materialise,” Cisco Talos warns.

El Reg invited Microsoft to respond and we’ll update this story as and when we hear back. ®

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2017/08/15/combo_office_exploits_attack/
