Tech News: Microsoft patches serious Word bug targeted by scammers


A bug in Word which was seemingly used to attempt to steal banking logins will probably be patched, Microsoft has said.
The formerly undetected, or “zero day”, susceptibility was reported on the weekend.
Subsequently, on 10 April, cybersecurity company Proofpoint declared it had found an e-mail campaign targeting the bug that planned to Dridex malware that was spread.
Dridex was created to infect a victim’s computer and snoop.
As the means through which cyber-attackers stole more than £20 m, it had been mentioned in 2015.
A scam e-mail effort was found to be spreading Microsoft Word RTF [Rich Text Format] docs to receivers that included Dridex.
‘Totally worked’
“During our testing (for example on Office 2010) the exposed system was completely used,” wrote Proofpoint research workers in a site.
“We want to deal with this through an upgrade on Tuesday April 11, and customers that have upgrades empowered will be protected mechanically,” said a Microsoft spokesman.
“Due to the prevalent effectiveness and high-speed weaponisation of the exploit, it’s important that users and organisations use the patch when it becomes accessible,” the company said.