Unpatched Microsoft Word Exploit in Malware Attacks

A new unpatched Microsoft Work exploit has surfaced. Hackers were found using the Necurs Botnet to deliver Locky Ransomeware and TrickBot banking trojan, using the newly discovered DDE attack technique, according to a post from Brad on SANS.

Want to stay up to date with security news? Please subscribe to our LinkedIN group , Like our Facebook page, or join our FREE Newsletter.

The research Brad, shared his security news findings. The first step was looking at the emails in a controlled lab environment:

upatched microsoft 01

Next, we see what happens after a victim downloads the attachment:

unpatched microsoft exploit

microsoft unpatched exploit

The Grande Finale

microsoft unpatched exploit

microsoft unpatched exploit

For more technical information on the unpatched Microsoft exploit, make sure you read Brad’s post!

Looking at the bright side, this ransomware is not asking for nudes.

How to protect the organization

  1. Disable “update automatic links at open”
    Open Word → Select File → Options → Advanced and scroll down to General and then uncheck “Update Automatic links at Open.”
  2. Provide security awareness training to your employees. No one should be clicking on suspicious link or downloading files from unknown sources.
  3. Use “Software Restriction Policies” or “AppLocker” to restrict what softwares can do on your network.
  4. Keep your operating system and other softwares updated.
  5. Regularly backup your data in case of a ransomware outbreak.
  6. Use Privilege Access Management softwares.

How does Privilege Access Management (PAM) software work?

For ransomware and other harmful applications to run, they need administrator level privileges on the victim’s computer.

PAM solutions give administrator privileges to applications instead of users, thus eliminating the risks of ransomware and malware spreads due a user clicking the wrong link.


Mohamad El Hout, MBA, M.Eng., CISSP

Mohamad is an entrepreneur and a Senior Security Consultant dealing with the design and delivery of standard and complex security gateway solutions, covering a wide range of cutting edge technologies. His interests include business, technology, leadership, sports, and the continuous pursuit of knowledge.

%d bloggers like this: