
FireEye recently detected malicious Microsoft Office RTF documents
that leverage a previously undisclosed vulnerability. This
vulnerability allows a malicious actor to execute a Visual Basic
script when the user opens a document containing an embedded exploit.
FireEye has observed several Office documents exploiting the
vulnerability that download and execute malware payloads from
different well-known malware families.

FireEye shared the details of the vulnerability with Microsoft and
has been coordinating public disclosure for several weeks, timed with
the release of a patch by Microsoft to address the vulnerability.
After recent public disclosure by another company, this blog serves to
acknowledge FireEye’s awareness and coverage of these attacks.

FireEye email and network products detect the malicious documents
as: Malware.Binary.Rtf.

Attack Scenario

The attack involves a threat actor emailing a Microsoft Word
document to a targeted user with an embedded OLE2link object. When the
user opens the document, winword.exe issues an HTTP request to a remote
server to retrieve a malicious .hta file, which appears as a fake RTF
file. The Microsoft HTA application loads and executes the malicious
script. In both observed documents the malicious script terminated the
winword.exe process, downloaded additional payload(s), and loaded a
decoy document for the user to see. The original winword.exe process
is terminated in order to hide a user prompt generated by the OLE2link.
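
A static triage check for the embedded OLE2link object described above, added here as an example (it is not FireEye's detection logic and not code from the original post). It decodes the hex in each RTF \objdata group and flags objects that carry the OLE2Link class string together with a remote URL. Assumptions: the class name appears as the ASCII string OLE2Link in the decoded data, the hex is split only by whitespace, and the function names, the example.invalid URL and the sample document are constructed for illustration.

```python
import re

# Body of an \objdata group: everything up to the next brace.
OBJDATA = re.compile(rb"\\objdata([^{}]*)", re.I)
# URLs stored as plain ASCII or as UTF-16LE inside the decoded object.
URL_ASCII = re.compile(rb"https?://[\x21-\x7e]{4,}")
URL_UTF16 = re.compile(
    rb"h\x00t\x00t\x00p\x00(?:s\x00)?:\x00/\x00/\x00(?:[\x21-\x7e]\x00){4,}")

def scan_rtf(data):
    """Return one finding per \\objdata group found in an RTF byte string."""
    findings = []
    for m in OBJDATA.finditer(data):
        # RTF writers wrap the hex across lines; keep only hex digits.
        hexchars = re.sub(rb"[^0-9a-fA-F]", b"", m.group(1))
        hexchars = hexchars[: len(hexchars) & ~1]  # drop a dangling nibble
        blob = bytes.fromhex(hexchars.decode("ascii"))
        urls = [u.decode("ascii") for u in URL_ASCII.findall(blob)]
        urls += [u.decode("utf-16-le") for u in URL_UTF16.findall(blob)]
        is_link = b"ole2link" in blob.lower()
        findings.append({
            "offset": m.start(),          # where the group starts in the file
            "ole2link": is_link,          # object is an OLE2 link
            "urls": urls,                 # remote locations it references
            "suspicious": is_link and bool(urls),
        })
    return findings

def build_sample():
    """Constructed, inert sample: marker strings only, not a valid OLE stream."""
    payload = (b"OLE2Link\x00"
               + "http://example.invalid/template.rtf".encode("utf-16-le")
               + b"\x00\x00")
    hexdata = payload.hex().encode("ascii")
    wrapped = b"\r\n".join(hexdata[i:i + 32] for i in range(0, len(hexdata), 32))
    return b"{\\rtf1{\\object{\\*\\objdata " + wrapped + b"}}}"

if __name__ == "__main__":
    for finding in scan_rtf(build_sample()):
        print(finding)
```

A hit from this check is a reason to quarantine the attachment and review the referenced URL in proxy logs; it is not a verdict by itself, since legitimate documents can also contain linked objects.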

The vulnerability bypasses most mitigations; however, as noted
above, FireEye email and network products detect the malicious
documents. Microsoft Office users are advised to apply the patch
as soon as it is available.


FLARE Team, FireEye Labs Team, FireEye iSIGHT Intelligence, and
Microsoft Security Response Center (MSRC).
