Microsoft patches actively targeted zero-day Word vulnerability

Posted 12 April 2017 01:05 CEST by Seán Byrne

Over the weekend, a new, previously undetected zero-day vulnerability was reported in Word, affecting all versions including Word 2016. The cybersecurity firm Proofpoint discovered that this bug is being actively exploited by a large e-mail campaign.

According to Proofpoint, the campaign is targeting various organisations across Australia, delivering the Dridex banking Trojan. This gives Dridex a significant benefit over its previous scams, which depended on macro-infected documents.

Every e-mail Proofpoint examined using this exploit over the weekend used the same e-mail template. The subject is consistently “Scan Data”, with the ‘From’ field spoofing an internal e-mail domain contact. The attachment name is “Scan_”, followed by a series of digits, such as ‘Scan_652019.doc’.
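The template traits described above can be expressed as a mail-filter check. The following is an added example, not code from Proofpoint or the original article; the function names and example.com/example.net addresses are constructed, and it assumes "internal" means the From domain equals the recipient's domain.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Traits of the reported template: fixed subject, "Scan_<digits>.doc" attachment.
SUBJECT = "scan data"
ATTACHMENT_RE = re.compile(r"^Scan_\d+\.doc$", re.IGNORECASE)
ALL_TRAITS = {"subject", "internal_from", "attachment"}

def _domain(header_value):
    """Lower-cased domain of the first address in a header, or ''."""
    addr = parseaddr(str(header_value or ""))[1]
    return addr.rpartition("@")[2].lower()

def campaign_traits(raw_message):
    """Return the set of template traits found in one raw e-mail message."""
    msg = message_from_string(raw_message, policy=policy.default)
    traits = set()
    if str(msg["Subject"] or "").strip().lower() == SUBJECT:
        traits.add("subject")
    # The 'From' field imitates a contact in the recipient's own domain.
    sender, rcpt = _domain(msg["From"]), _domain(msg["To"])
    if sender and sender == rcpt:
        traits.add("internal_from")
    for part in msg.iter_attachments():
        if ATTACHMENT_RE.match(part.get_filename() or ""):
            traits.add("attachment")
    return traits

def matches_template(raw_message):
    """True only when all three traits occur together (each alone is common)."""
    return campaign_traits(raw_message) == ALL_TRAITS

def sample(subject, sender, filename):
    """Build a constructed test message; the attachment body is placeholder bytes."""
    m = EmailMessage()
    m["Subject"], m["From"], m["To"] = subject, sender, "alice@example.com"
    m.set_content("See attached.")
    m.add_attachment(b"constructed placeholder", maintype="application",
                     subtype="msword", filename=filename)
    return m.as_string()

if __name__ == "__main__":
    print(matches_template(sample("Scan Data", "bob@example.com", "Scan_652019.doc")))
```

A match on all three traits is a reason to quarantine the message for review; it does not inspect the document itself.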

When the attachment is opened, it automatically attempts to install the Dridex botnet ID 7500. If “Protected View” is not enabled in Word, no user interaction is required for the exploit to take hold, regardless of any message that appears. If a ‘Protected View’ banner appears (common with e-mailed documents), the user just needs to click ‘Enable Editing’ for the exploit to run.

Microsoft patched this vulnerability on April 11, 2017. Because the exploit is effective and is being actively used, users and organisations should apply the patch as soon as possible.

The same Word bug is also now being exploited to install malware with the names Godzilla and Latentbot, according to Ars Technica.


