{"id":1719,"date":"2021-09-10T14:10:27","date_gmt":"2021-09-10T19:10:27","guid":{"rendered":"https:\/\/blogs.luc.edu\/uiso\/?p=1719"},"modified":"2021-09-10T14:10:27","modified_gmt":"2021-09-10T19:10:27","slug":"microsoft-warns-of-a-windows-zero-day-security-hole-that-is-being-actively-exploited","status":"publish","type":"post","link":"https:\/\/blogs.luc.edu\/uiso\/microsoft-warns-of-a-windows-zero-day-security-hole-that-is-being-actively-exploited\/","title":{"rendered":"Microsoft warns of a Windows zero-day security hole that is being actively exploited"},"content":{"rendered":"<p>In a security advisory, Microsoft has warned that malicious hackers are exploiting an unpatched vulnerability in Windows to launch targeted attacks against organizations.<\/p>\n<p>According to Microsoft, attacks exploiting the vulnerability have targeted companies via boobytrapped Microsoft Office documents.<\/p>\n<p>In short, a typical timeline of infection might go something like this:<\/p>\n<p>One of your users downloads or receives a boobytrapped Microsoft Office file. Perhaps they are socially-engineered into clicking on a malicious link, or find the poisoned file in their inbox.<br \/>\nThe user opens the Microsoft Office file to view its contents, but it contains an embedded malicious automated commands.<br \/>\nThe automated commands exploit the bug in Windows to gain the same level of permissions as the user, whereupon it installs malware of the hacker\u2019s choice.<\/p>\n<p>An attacker could craft a malicious code to be used by a Microsoft Office document. The attacker then convinces the user to open the malicious document.<\/p>\n<p>This vulnerability is being actively exploited\u00a0 and Microsoft is recommending that \u201cOffice users be extremely cautious about Office files \u2013 DO NOT OPEN if you do not fully trust the source!\u201d<\/p>\n<p>Please exercise caution if you receive an office file (Word, Excel, PowerPoint, Publisher, etc.) from an unknown or unexpected source.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In a security advisory, Microsoft has warned that malicious hackers are exploiting an unpatched vulnerability in Windows to launch targeted attacks against organizations. According to Microsoft, attacks exploiting the vulnerability have targeted companies via boobytrapped Microsoft Office documents. In short, a typical timeline of infection might go something like this: One of your users downloads [&hellip;]<\/p>\n","protected":false},"author":6,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2,5,6,7,8],"tags":[],"class_list":["post-1719","post","type-post","status-publish","format-standard","hentry","category-front-page","category-phishing","category-public-service-announcement","category-published","category-tips"],"_links":{"self":[{"href":"https:\/\/blogs.luc.edu\/uiso\/wp-json\/wp\/v2\/posts\/1719","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.luc.edu\/uiso\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.luc.edu\/uiso\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.luc.edu\/uiso\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.luc.edu\/uiso\/wp-json\/wp\/v2\/comments?post=1719"}],"version-history":[{"count":0,"href":"https:\/\/blogs.luc.edu\/uiso\/wp-json\/wp\/v2\/posts\/1719\/revisions"}],"wp:attachment":[{"href":"https:\/\/blogs.luc.edu\/uiso\/wp-json\/wp\/v2\/media?parent=1719"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.luc.edu\/uiso\/wp-json\/wp\/v2\/categories?post=1719"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.luc.edu\/uiso\/wp-json\/wp\/v2\/tags?post=1719"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}