Hackers have rediscovered a ten year old flaw in Microsoft Office and are exploiting it in attempts to take over entire systems remotely…
A Microsoft Office defect dating back about ten years ago is now being revived by hackers. The cyber-criminals are using creative new email scams, along with the exploit to break into PCs and networks. The activity is so egregious that analysis commissioned by NordVPN found a 400 percent increase in manipulating vulnerability CVE-2017-11882 during the second quarter of this year.
Hackers again Using Decade-Old Microsoft Office Exploit to Take Over PCs Remotely
If leveraged correctly, a memory corruption bug could allow hackers to deploy code on target devices and systems remotely. The problem can easily become much worse, if the attacker seizes a user account with administrative privileges, which creates a scenario of taking complete control of the target network. Once inside, the hacker can install malicious code and/or access and/or delete data, even create new accounts, granting them full access rights.
To effectively abuse the vulnerability, hackers must successfully trick potential victims into opening a specially-crafted file that contains an infected copy of Microsoft Office or Microsoft WordPad. The most common way cyber-criminals accomplish this is through phishing email schemes, many of them are very convincing and manipulative.