November 1, 2018

Embedded Video with MS Word Woes – WST

Last week a new Microsoft Word vulnerability was discovered concerning embedded video. This vulnerability allows malicious code to be placed inside of a Word document containing an embedded video link. This malicious code can be executed in the background without prompting the user.

This vulnerability appears to affect even the most recent versions of Microsoft Word. This method will likely become very popular with phishing campaigns. Currently no patch exists for this yet to be a CVSS number assigned vulnerability. Current potential mitigation methods would be to block Word documents containing the “tag: :embeddedHtml” or block Word documents containing embedded video.

Past Weekly Security Tips – WST

2018-12-04T22:01:08+00:00