Researchers say this attack is a bad bug. Microsoft says it’s a feature.
Microsoft says the wave of stealthy fileless attacks leveraging the company’s applications to create the attacks, is a feature not a vulnerability, and won’t be patched despite knowing about the flaw since August. Microsoft “said they weren’t going to fix it” Sept. 29, Dominic White, CTO of pentesting outfit SensePost told CyberScoop via email. SensePost had alerted the company a month before that the Dynamic Data Exchange, or DDE protocol, in Microsoft Word could be used by hackers to run commands and open executable programs. Microsoft told the pentesters that was a feature and there would be no patch, but it would be considered for a bug fix in a future version. This week SensePost published a proof-of-concept on their blog, noting that the technique was an excellent way to get around security measures that cyber-aware enterprises might have in place. The following day, researchers found the technique being used in the wild […]
The post Researchers say this attack is a bad bug. Microsoft says it’s a feature. appeared first on Cyberscoop.
Continue reading Researchers say this attack is a bad bug. Microsoft says it’s a feature.