An infection has been discovered that can exploit even Windows 10 machines with the latest updates by taking advantage of a Microsoft Office zero-day exploit.
News has emerged of a flaw that affects absolutely all versions of Microsoft Office software. Unlike many previously detected zero-days, this particular attack can be executed simply by opening a malicious document; the victim does not even have to enable macros or do anything else.
First revealed publicly by researchers at McAfee, this exploit has also been confirmed by FireEye experts. Thankfully, a patch for the flaw has reportedly been developed, but it has yet to be released and applied to Windows systems.
According to researchers at McAfee, the zero-day exploit is directly related to Windows Object Linking, also known as OLE, a feature of the Microsoft Office software package.
The exploit is reportedly delivered via an RTF (Rich Text) file that has a malicious object embedded within it. The object carries instructions to send an HTTP request and thereby establish a connection to a malicious command and control server controlled by the hackers in question. In response to this HTTP request, which usually goes over an unsecured port, an .hta file that pretends to be an RTF document is sent back to the infected computer.
This .hta file is actually an executable file, and through it the malware may be fully activated on the compromised device.
So far it is not known who discovered this logical bug, as Microsoft has called it. However, it is clear that it may spread as an e-mail attachment accompanying a deceptive message.
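For mail-gateway or analyst triage of the RTF delivery described above, the following added example (not code from McAfee, FireEye or Microsoft) statically checks an attachment for embedded OLE objects that update on open and for URLs inside their hex-encoded data. It assumes the standard RTF control words `\object`, `\objautlink`, `\objupdate` and `\objdata`; the function name and the sample document are constructed for illustration.

```python
import re

# RTF control words for embedded/linked OLE objects (names from the RTF spec).
OBJECT_RE = re.compile(rb"\\object\b")
AUTO_RE = re.compile(rb"\\(?:objautlink|objupdate)\b")   # link refreshed on open
OBJDATA_RE = re.compile(rb"\\objdata([0-9A-Fa-f\s]+)")   # hex-encoded payload
URL_RE = re.compile(rb"https?://[\x21-\x7e]+")


def triage_rtf(data: bytes) -> dict:
    """Static check of an attachment's bytes; nothing is opened or fetched."""
    result = {"is_rtf": False, "ole_objects": 0, "auto_update": False,
              "urls": [], "suspicious": False}
    # Decide by content, not by file name: an RTF may arrive with a .doc name.
    if not data.lstrip().startswith(b"{\\rtf"):
        return result
    urls = set()
    for match in OBJDATA_RE.finditer(data):
        hexstr = re.sub(rb"\s+", b"", match.group(1))
        blob = bytes.fromhex(hexstr[: len(hexstr) & ~1].decode("ascii"))
        # Look for ASCII URLs, and UTF-16LE ones by dropping the NUL bytes.
        for view in (blob, blob.replace(b"\x00", b"")):
            urls.update(u.decode("ascii") for u in URL_RE.findall(view))
    result.update(is_rtf=True,
                  ole_objects=len(OBJECT_RE.findall(data)),
                  auto_update=bool(AUTO_RE.search(data)),
                  urls=sorted(urls))
    result["suspicious"] = result["ole_objects"] > 0 and (
        result["auto_update"] or bool(result["urls"]))
    return result


# Constructed sample: a harmless RTF whose objdata holds only a URL string.
_URL = "http://c2.example.invalid/template.doc"
SAMPLE = (b"{\\rtf1\\ansi Invoice{\\object\\objautlink\\objupdate"
          b"{\\*\\objdata " + _URL.encode("utf-16-le").hex().encode("ascii")
          + b"}}}")

if __name__ == "__main__":
    print(triage_rtf(SAMPLE))
    print(triage_rtf(b"{\\rtf1\\ansi plain text, no objects}"))
```

A hit is a reason to quarantine the attachment and review the extracted URL, not proof of compromise; obfuscated RTF can evade simple pattern matching like this.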