Microsoft Issues Advisory To Office Users After Fancy Bear Attacks

By Author: lenasmith

Microsoft has posted a security advisory to help Office customers mitigate attacks that use an Office feature, DDE, to install malware when an Office document is opened. According to security researchers, since last month a Russia-linked hacking group named APT28 has been using DDE, or Dynamic Data Exchange, an old protocol, to embed malicious code in an infected Word document. The protocol is used to send messages between applications that share data.

The Russia-linked group behind these targeted attacks is also known as the Fancy Bear hacking gang. Last month, it was observed that attacks exploiting DDE could be planted via Excel spreadsheets, Word documents and Outlook, even when macros have not been enabled. DDE is used, for example, for financial data that can be automatically updated with new data from an external source.

According to a report by McAfee researchers, the hacking group has started using DDE in a Word document with the file name “IsisAttackInNewYork.docx”. The hackers used DDE to launch a PowerShell script that contacts a URL and downloads an implant named Seduploader, which automatically collects information about victims.

In the email attack scenario, an attacker could exploit the DDE protocol by sending a specially crafted file to the user and convincing them to open it, typically by way of an enticement in an email.

Before this, the Dynamic Data Exchange attack was already being used by cybercriminal groups. Sensepost researchers drew attention to the technique, which offered an alternative to macros for implanting malware. Sensepost reported the issue to Microsoft. However, Redmond considered it a feature and hence didn’t provide a patch in the October update.

The Fancy Bear files that made use of DDE were created on October 27 and shared with control server domains that were registered two days before.

Microsoft's advisory states that if an attacker convinces a user to open a document that makes use of DDE, the victim also needs to disable Protected Mode and click through one or more additional prompts. The advisory also points to instructions for administrators to enable DDE feature control keys that are stored in the registry.

The tech giant strongly encourages all Office users to review the security-related feature control keys and to enable them for better protection from the Fancy Bear attacks. The advisory also includes a guide for disabling DDE from inside Office products. It notes that disabling DDE in Excel through the registry may prevent spreadsheets from automatically updating from a live feed.

Users who need such a feed will have to start it manually. In the same way, Microsoft has provided instructions for disabling Dynamic Data Exchange in its other Office applications, including Publisher, Word and Outlook, along with a description of the impact of disabling DDE.
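Alongside disabling DDE, a defender can check incoming Word files for the DDE fields described above. The following Python example is added here and is not from the article or from Microsoft's advisory; it scans the XML parts of a .docx for DDE and DDEAUTO field instructions, including instructions split across several runs. The function names and the inert sample fields are constructed for illustration.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

W = "{http://schemas.openxmlformats.org/wordprocessingml/2006/main}"
DDE_RE = re.compile(r"^\s*DDE(AUTO)?\b", re.IGNORECASE)

def field_instructions(xml_bytes):
    """Yield each field's instruction, joining pieces split across w:instrText runs."""
    root = ET.fromstring(xml_bytes)
    for el in root.iter(W + "fldSimple"):  # simple field: instruction in one attribute
        yield el.get(W + "instr", "")
    stack = []  # one list of w:instrText pieces per open complex field
    for el in root.iter():
        if el.tag == W + "instrText" and stack:
            stack[-1].append(el.text or "")
        elif el.tag == W + "fldChar":
            kind = el.get(W + "fldCharType")
            if kind == "begin":
                stack.append([])
            elif kind in ("separate", "end") and stack:
                text = "".join(stack.pop())
                if kind == "separate":
                    stack.append([])  # field result follows until "end"
                if text:
                    yield text

def scan_docx(data):
    """Return (part name, instruction) for each DDE/DDEAUTO field in .docx bytes."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        parts = [n for n in z.namelist() if n.startswith("word/") and n.endswith(".xml")]
        return [(n, i.strip()) for n in parts
                for i in field_instructions(z.read(n)) if DDE_RE.match(i)]

def make_sample(body_xml):
    """Constructed sample: a minimal in-memory zip holding word/document.xml."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", f'<w:document xmlns:w="{W[1:-1]}">{body_xml}</w:document>')
    return buf.getvalue()

# Constructed inputs: an inert DDEAUTO field split across two runs, and a PAGE field.
SPLIT = ('<w:r><w:fldChar w:fldCharType="begin"/><w:instrText> DD</w:instrText></w:r>'
         '<w:r><w:instrText>EAUTO placeholder-app "placeholder-topic"</w:instrText>'
         '<w:fldChar w:fldCharType="end"/></w:r>')
BENIGN = '<w:fldSimple w:instr=" PAGE "><w:r><w:t>1</w:t></w:r></w:fldSimple>'
print(scan_docx(make_sample(SPLIT)), scan_docx(make_sample(BENIGN)))
```

A hit only means the document contains a DDE field; whether that field is malicious still has to be judged from its instruction text.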

Source: http://office.com-setupinstall.com/microsoft-issues-advisory-office-users-fancy-bear-attacks/
