Microsoft Word vulnerability allowed hackers to exploit multiple computers, patch issued after 6 months

Modern software is quite susceptible to bugs. Some of these bugs are serious in nature, and manufacturers are usually quick to issue a patch. Given the risk and impact of an attack, timeliness and efficiency are the two keystones of any security patch. In this case, it appears that Microsoft was caught napping.

In July 2016, Ryan Hanson, a 2010 Idaho State University graduate and consultant at boutique security firm Optiv Inc in Boise, discovered a security flaw in Word. The specific bug was in the way Word processes documents from other sources. All Hanson had to do was insert code into a Word document and share it. Once a user opened the document and clicked on the link, the attacker could automatically gain access to the user’s computer.

Microsoft was contacted about the flaw a couple of months after it was discovered. Known as CVE-2017-0199, the flaw affected most actively used Word versions. However, as no exploits had been reported, Microsoft decided to investigate the matter instead of notifying users or releasing a patch. The real challenge was that informing users would also alert hackers, something Microsoft wished to avoid.

The “investigation” continued far too long. In the meantime, McAfee re-discovered the flaw and made the matter public, playing right into hackers’ hands. As soon as the report leaked, multiple hackers began infecting computers all over the world. Millions of computers were affected through simple Word files shared over email. Users in Russia and Australia also saw bank accounts being hacked as a result.

Microsoft finally released a patch in April 2017, nearly 6 months after the flaw was first brought to its notice and after it had already been exploited. Microsoft’s advisory on the flaw states: “A remote code execution vulnerability exists in the way that Microsoft Office and WordPad parse specially crafted files. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.”

Given the seriousness and widespread nature of the attacks, it is unknown how many computers were affected and how much money and data has actually been compromised. If you have updated your installation of Microsoft Word with the latest security patch, you should be fine.
