123ArticleOnline Logo
Welcome to 123ArticleOnline.com!

ALL >> Computers >> View Article

Microsoft Issues Advisory To Office Users After Fancy Bear Attacks

By Author: lenasmith
Total Articles: 48

Microsoft, the tech giant has posted a security advisory to let the Office customers minimize attacks that utilize an Office feature DDE to install malware upon opening an Office document. According to security researchers, since last month a Russia-linked hacking group named APT28 is making the use of DDE or Dynamic Data Exchange, an old protocol to embed malicious code through an infected Word document. This protocol enables the users to send messages between applications that share data.

These targeted attacks linked to this Russia-linked group are sometimes known as Fancy Bear hacking gang. Last month, it was observed that it was possible to plant attacks exploiting DDE via Excel spreadsheets, Word documents and Outlook, even when macros have not been enabled. For example- financial data that can be auto updated with new data from an external source.

As per McAfee researchers report, the hacking group has started using DDE in a word document with the file name “IsisAttackInNewYork.docx”. The hackers used DDE to launch a PowerShell script that lands to a URL and downloads an implant named Seduploader, which automatically fetches information about victims.

In the email attack scenario, an attacker could influence the DDE protocol by sending a specially customized file to the user and compelling him to open the file, mainly by the way of enticement in an email.

Before to this, the Dynamic Data Exchange attack was being used by cybercriminal groups. Sensepost researchers grab attention to the technique, which offered an alternative way to implant malware with macros. Sensepost reported this issue to the tech giant, Microsoft. However, Redmond thought it a feature and hence didn’t provide a patch in the October update.

The Fancy bear files that took the help of DDE were created on October 27 and shared with control server domains that were registered two days before.

Microsoft issues an advisory that if an attacker influence a user to open a document that make the use of DDE, the victim also need to disable Protected Mode and click through one or more additional prompts. The recommendation also points to instructions for administrators to enable DDE feature control keys that are saved in the registry.

The tech giant strongly encourages all the Office users to review the security-related feature control keys and to enable them for better protection from the Fancy Bear attacks. The advisory also include guide for disabling DDE from the inside of Office products. It shows that if DDE is disabled in Excel from the registry it may prevent the spreadsheets from automatically updating from a live feed.

If the users need them they have to start the feed manually. In the same way, Microsoft has provided instructions for disable this Dynamic Data Exchange in its Office.com/Setup Office applications, including Publisher, Word and Outlook, along with the description of the impact if this DDE is disabled.

Source: http://office.com-setupinstall.com/microsoft-issues-advisory-office-users-fancy-bear-attacks/

Total Views: 43Word Count: 469See All articles From Author

Computers Articles

1. Researchers Use Ridesharing Cars To Sniff Out A Secret Spying Tool
Author: Clara Clarkson

2. How To Troubleshoot Norton Error 8504, 104?
Author: James Watson

3. 24*7 Norton Customer Support Services Launched In Europe
Author: Maria Williams

4. Building An Access Databases
Author: Ben Beitler

5. How To Troubleshoot The Webroot Secure Anywhere Error 10?
Author: Daniel Wilson

6. Avg Ranked Under Top 10 Antivirus In 2018
Author: James Watson

7. Norton Tech Support: All-in-one Norton Support Service Provider
Author: Hey buddies! Sandy gibbon with more than five year

8. Is Your Tv Spying On You?
Author: Limeproxies

9. Hire Computer Repair Service Waukesha To Resolve The Issues Immediately
Author: adronseton

10. Looking To Buy A Surface Pro 4? Don’t Forget To Grab A Surface Pro 4 Promo Code
Author: Christine Bleakley

11. Some Great Exit Intent Strategies To Ensure You Never Lose A Visitor Again!
Author: jessia

12. Contact Hard Drive Data Recovery Milwaukee To Restore Data - Itcdatarecovery
Author: adneyjett

13. How To Avail And Cancel Mcafee Subscription Free Trial?
Author: Maria Williams

14. Never Underrate Your Laptop Charger
Author: Lapmart India

15. Türkiye'de çevrimiçi Elektronik Mağazalar: Yeni Gadget'lar Için Tek Elden Mağazanız
Author: Owenthomson

Login To Account
Login Email:
Password:
Forgot Password?
New User?
Sign Up Newsletter
Email Address: