On August 1st 2020 a gentleman known by the name of Benjamin Altpeter wrote a thesis. On one page tucked away inside was a description of an exploit within Microsoft office running on Windows. This issue was reported to Microsoft, but it is not yet clear why, after 22 months when it is rediscovered, it was not acted upon?
Since last month this exploit has been used by increasing numbers of malicious actors to disrupt and extort, and moreover can be use with pretty much all versions of Office and on most versions of Windows. It is not stopped by Windows Defender (yet) and requires very little to work.
The technical matters of how the exploit works is not important for most people, however the ramifications of its effects should not be underestimated!
Programs that run on Windows have a privilege level that determines how much access they have (what they can change). Typical good security practice is to use the regular user level, using administrative powers only when needed. Hackers and malicious actors often use exploits to gain higher level access to systems in order to execute their own code and make your computer do what they want. Once elevated privilege is gained, there is very little a hacker cannot do!
The best defence for now is to simply not open attachments from un-trustworthy sources, good advice on any day of the week. However, this exploit particularly affects Office DOCX files, and RTF but there may be other file types that could be affected.
If you cannot always guarantee that people won’t open them, you can install some “fixes” that disable key elements of the exploit at the expense of limiting the functionality of Office. It is also worth noting that using a non-Windows OS would protect you as well, such as Linux, Android or iOS, so checking on your phone should be harmless.
Talk to us if you have any burning questions – 01522 797520.
Ben
