News

Trojan Exploits Unpatched Office Vulnerability

Symantec has spotted a specially crafted Trojan that can exploit an Office hole that had been previously patched.

The attack occurs when a user opens up an e-mail that contains a Microsoft Word file with a malicious DLL (Dynamic Link Library) file.

"The exploit makes use of an ActiveX control embedded in a Word document file," wrote Takayoshi Nakayama, a researcher at Symantec, in a blog post. "When the Word document is opened, the ActiveX control calls fputlsat.dll which has the identical file name as the legitimate .dll file used for the Microsoft Office FrontPage Client Utility Library."

Nakayama said that once this flaw has been exploited, an attacker is free to load up an infected system with malware. He also advises that if you see an e-mail attachment with the file name ftutlsat.dll, proceed with caution.

And an e-mail with this type of attachment should be easy to spot, according to Nakayama: "The files stand out from the common targeted attacks because a Microsoft Word document file is paired with a .dll file. Usually, targeted attacks involve one file which drops malware. The pair would most likely arrive to the target wrapped in an archive file attached to an email. It is common to see document files sent by email inside an archive, but typically, you would not see .dll files ever sent by email."

The exploit, recently seen in the wild by the security firm, had been previously fixed by Microsoft in September's Security Update, bulletin MS11-073.  Nakayma warns that because the bulletin was only classified as "important" by Microsoft, it might have been overlooked.

To protect your system make sure bulletin MS11-073 has been applied.  

About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.

Featured

  • Vendors Issue Patches for Linux Container Runtime Flaw Enabling Host Attacks

    This week, the National Institute of Standards and Technology (NIST) described a high-risk security vulnerability (CVE-2019-5736) for organizations using containers that could lead to compromised host systems.

  • Windows 10 Version 1809 Users May Get Visual Studio Crashes

    Microsoft on Friday issued an advisory for Windows 10 version 1809 users about possible Visual Studio crashes.

  • Standardizing the Look of Outlook's Outbound Messages

    Microsoft typically gives users a blank canvas to compose new e-mails in Outlook. In some corporate environments, however, a blank canvas isn't a good thing.

  • Windows 10 'Semiannual Channel Targeted' Goes Away This Spring

    Microsoft plans to slightly alter its Windows servicing lingo and management behavior with its next Windows 10 operating system feature update release, coming this spring.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.