DooKey
[H]F Junkie
- Joined
- Apr 25, 2001
- Messages
- 13,577
A Malwarebytes security researcher has found a way to embed a specially-crafted settings file in an Office document and this can be used to run malicious code. This kind of exploit is just another example of what's unintentionally available in huge software packages like Windows 10 and Office. At least we have companies like Malwarebytes that are attempting to stem the flood of malware like this or we'd be in sad shape. Fortunately, this new malware vector still requires an individual to open the document in the first place. Word (no pun intended) to the wise is be aware of the source of your documents because these hackers are never going to quit.
The file format, specific to Windows 10 called .SettingContent.ms, is essentially XML code that is used to create shortcuts to the Control Panel.
"This feature can be abused because one of its elements (DeepLink) allows for any binary with parameters to be executed. All that an attacker needs to do is add his own command using Powershell.exe or Cmd.exe. And the rest is history," said Segura.
The file format, specific to Windows 10 called .SettingContent.ms, is essentially XML code that is used to create shortcuts to the Control Panel.
"This feature can be abused because one of its elements (DeepLink) allows for any binary with parameters to be executed. All that an attacker needs to do is add his own command using Powershell.exe or Cmd.exe. And the rest is history," said Segura.