This Microsoft Word bug can bypass your antimalware protection

Rabia Noureen avatar. By: Rabia Noureen
2 minute read

Home » News » This Microsoft Word bug can bypass your antimalware protection

It seems that MS Office is currently under the spotlight but not for something the company is proud of. There is a critical bug affecting Microsoft Office that literally makes malicious codes undetectable by antimalware solutions.

This security vulnerability was discovered by a security vendor, Mimecast in a report released on Tuesday. For the time being, it seems that Microsoft has no plans to work on a bug fix. 

Modus Operandi

The vulnerability actually exists in the way how MS Word handles the Integer Overflow bugs in OLE file format.

The security firm has identified the fact that a group of Serbian attackers are actively hitting the targetted PCs.

You might be wondering how they are able to bypass the existing security firewalls. They are taking advantage of the OLE vulnerability in the MS Office‘s Equation Editor component in order to exploit MS Word documents.

However, Mimecast found out that  hackers were able to gain complete control over the systems through the JACKSBOT malware.

The vendor further states what the malware can do to your systems. Surprisingly, it can create files and/or folders, execute/end programs and visit URLs and run Shell commands

— RELATED: 6 best antivirus tools with unlimited validity [2019 List]

The Equation Editor bug that allows the attackers to have remote administration control the target PC, was initially discovered in November 2017. Although it was patched in the same year, the unpatched systems are still being targeted. 

The code execution or memory corruption is not caused by just the overflow. Hence currently, Microsoft is not planning for a security fix. 

How to secure your systems

Even though the bug was identified and reported back in 2017, most of the system have yet not installed the patch.  Large enterprises and organizations can protect their systems by installing the Equation Editor bug patch. That is the only way you can stop an attack. 

The complete report discusses in detail the technicalities of the exploits.



Next up

How can I fix Bad module Steam error [FULL FIX]

Vladimir Popescu avatar. By: Vladimir Popescu
3 minute read

Have you experienced Bad module Steam error on your PC? This error occurs for games like Fortnite, PUBG, and also Counter-Strike:GO, and in today’s article […]

Continue Reading

Media keys not working on Windows 10 [SIMPLEST SOLUTIONS]

Vlad Turiceanu avatar. By: Vlad Turiceanu
3 minute read

Windows 10 is an amazing operating system with many features and great versatility. No matter what peripherals are you trying to connect to it, even […]

Continue Reading

Windows media player cannot convert file to required format [FIX]

Tashreef Shareef avatar. By: Tashreef Shareef
3 minute read

The Sync function offered by the Windows Media Player allows the users to sync their favorite tracks between the PC and the smartphone. Sometimes, the […]

Continue Reading