Once again, a significant security flaw has been uncovered. And this time it's not in any hidden Operating System layer or browser plug-in, but rather it's in one of the staples of the business world - Microsoft Word.
News of the bug spilled out over the past few days. In it's security advisory, Microsoft said the "critical" rated bug could allow an attacker to take control of an affected system and do things such as install programs or create new accounts with full user rights.
Scary stuff for sure.
Unlike other Office-related malware, attackers don't need to use macros to take advantage of this flaw. Instead, the vulnerability, which relates to the Windows Object Linking and Embedding (OLE) function, is triggered when a victim opens a trick Word document. The document will download a malicious HTML application from a server, disguised to look like a Rich Text document file as a decoy. The HTML application meanwhile downloads and runs a malicious script that can be used to stealthily install malware.
Are you glazing over just about now with all this techno-jargon? Sorry about that. I would think you must be asking yourself, "so, what does this mean to me?" Simply put, you need to be aware that this is out there and take the necessary precautions. Both in how your company is running its IT as well as how you, as a user, work.
Here are the ways to make sure you're staying ahead of this flaw:
- Do NOT open any Word attachments that you are not expecting. Especially ones that claim to be from your company's scanner/copier.
- Make sure you're setup as a standard user (a Windows user without Local Administrator rights).
- Make sure your Office patches are up to date.
- Make sure your security perimeter protection is complete at all times including anti-virus, firewall with Intrusion Protection Services, and Internet Threat Protection and are all licensed, current, and fully managed.
- Last but not least, make sure your backup is complete, current, and is tested on a recurring basis.
The first one is all about user training. This should be a given - don't open any attachments you aren't expecting - but a good reminder never hurts. The remaining items are all about how your IT is being run.
The second one is key component of how we like to secure our clients' networks. Setting up users with Local Admin rights is a definite no-no as far as industry standard best practices goes.
As for the third one, if you're one of our Managed IT Service clients, you're already ahead of the curve as we're on top of this flaw and the patch is included in our regular, recurring patch schedule. If you're not, please make sure to reach out to your IT guy to make sure this patch (and all the related ones) get on to your systems as soon as possible.
Four and Five are, again, the foundational aspects of how a business network should be run. And again, for the most part our Managed IT Services clients should be well protected in these areas.
Again, just another example of why how you run your IT is so critically important. And why our clients sleep better at night knowing FPA is taking care of theirs.
If you have any questions, please feel free to reach out to me at any time.
What do you think about these 5 way to protect against this flaw? Let us know in the Comment box below or shoot me an email if you’d like to chat about this specifically.