Microsoft Office bug can let hackers take over user's PC without even clicking any file
Since the infected document is edited in RTF format, a user does not even need to open the document. Read more details about the Microsoft Office bug here.
A zero-day vulnerability has been discovered in Microsoft Office that might allow hackers and bad actors to compromise a user's system and take control of it, without the user needing to open an infected file. Apparently, documents infected by such malware use the Word template function to access an HTML file from a remote server. This file then loads and runs PowerShell code on the user's system.
According to collective-news.com, the problem with this is that Microsoft Word executes the code via a support tool. If the infected document is edited in RTF format, a user does not even need to open the document - it will run as soon as users see the document in the Preview Tab on Windows Explorer.
Infected file affects almost all versions of MS Office
Security researcher Kevin Beaumont writes in his blog that "the vulnerability has been proved in Office 2013, 2016, 2019, 2021, Office ProPlus and Office 365. It also applies to Windows itself, e.g. it can be called from .lnk files — effectively there are two different issues, in my opinion, Office itself uses MS Protocol and allows loading unfiltered from HTML Word templates and Outlook links, and MSDT allows code execution."
The researcher also highlights that the security flaw is zero-day in nature, meaning that it has been in the open for quite a long time and Microsoft was probably not aware of it. However, Microsoft is not calling it a zero-day in the MSRC post, and the company has not listed it as a zero-day in Microsoft Defender Vulnerability Management either.
Hackers using Zoom to attack users' PCs
According to a recent report by Google's Project Zero, hackers are using Zoom to target users around the world. Using the video conferencing platform, bad actors are sending a simple message to target users, putting their devices at risk. Unlike other spam messages, this uses a new technique in which the user does not even need to interact with the message. All the hacker needs to do is send a message to a Zoom user over the XMPP protocol to compromise the user's system and deploy malware.
Published By : Shikhar Mehrotra
Published On: 2 June 2022 at 21:17 IST