Hackers exploit a Microsoft Office Word vulnerability in the real world, but Microsoft doesn't fix it


Since the previous year, zero-day vulnerabilities have repeatedly been found in Microsoft Word, an office software component used widely around the world. These vulnerabilities are mainly located in the modules that the Object Linking and Embedding (OLE) file format uses to embed objects such as formulas. Although many fixes have been made, many vulnerabilities remain undiscovered. For example, the latest vulnerability, discovered by researchers from Mimecast Research Labs, has been exploited by Syrian hacking organizations, and it can also bypass all conventional defenses.


Researchers have detected Syrian hacking organizations using this vulnerability to bypass security measures, including a leading sandbox and anti-malware technologies. The Syrian hacking organization exploited the vulnerability to bypass a variety of security solutions designed to protect data from intrusions, and then used it to steal user data. The loaded malicious code can access specific URL addresses, create files or folders, run shell commands, and execute and end applications. It can also steal user information by inserting a keylogger and a mouse-click tracker, and conventional anti-virus solutions cannot defend against this problem.

Researchers have notified Microsoft of this vulnerability, and Microsoft has confirmed it. However, Microsoft does not seem to have much interest in fixing it. Microsoft believes that the problem itself will not cause memory corruption or remote code execution. In other words, Microsoft believes that the severity of this vulnerability is not as great as imagined, so a fix for this issue may be introduced in a subsequent update.