Collaborate Disseminate
The agencies say it’s vital to prioritize patching. Otherwise, we’re making it easy for attackers who don’t have to work at finding 0 days. Continue reading Top 10 most exploited vulnerabilities list released by FBI, DHS CISA
Malware laced OpenDocument files target Microsoft Office, OpenOffice and LibreOffice users. Continue reading Hackers Turn to OpenDocument Format to Avoid AV Detection
Microsoft patched a bug that allowed attackers to steal a target’s Windows account password via previewed Outlook message. Continue reading Outlook Bug Allowed Hackers to Use .RTF Files To Steal Windows Passwords
When a Rich Text(RTF)email is previewed in Microsoft Outlook,remotely-hosted OLE content is retrieved without requiring any additional user interaction. This can leak private information including the user’s password hash,which may be cracked by an attacker. Continue reading VU#974272: Microsoft Outlook retrieves remote OLE content without prompting
Researchers warn of a Microsoft remote code execution bug that has persisted for 17 years in Office, leaving the OS unprotected until the vulnerability was patched Tuesday. Continue reading Microsoft Patches 17-Year-Old Office Bug
A forgotten feature in Microsoft Office allows attackers to bypass antivirus scanners and pull off document-based attacks to install malware. Continue reading Legacy Office Feature Used In Novel Document Attacks
Microsoft OLE uses the URL Moniker to open application data based on the server-provided MIME type,which can allow an unauthenticated remote attacker to execute arbitrary code on a vulnerable system. Continue reading VU#921560: Microsoft OLE URL Moniker improperly handles remotely-linked HTA data
Like macros before it, attackers have been placing malicious code alongside object linking and embedding (OLE) code, along with well-formatted text and images, to spread malware and ransomware. Continue reading Like Macros Before It, Attackers Shifting to OLE to Spread Malware