A manipulated Microsoft Word file is currently circulating on the Internet, which installs malware on Windows PCs when it is opened. As “heise” reports, the document was found by security researchers nao_sec. It was uploaded to Virustotal from a Belarusian IP address.
Using Word’s remote template feature, the document downloads an HTML file from the Internet. This in turn uses Microsoft’s MSDT URI handler to load and execute other malware.
Danger for Windows users: How to protect yourself
Apparently numerous versions of Word 2013, 2016 and 2021 under Windows 10 and 11 are affected. The vulnerability has not yet been reproduced in the latest Office package.
The most important protection is currently the update to the latest Word version. In general, the malicious document is not a reason to panic. The malicious code is only executed when the document is opened. However, only if the “protected view” with which the document is usually opened is deactivated.
So far, only a few attacks in Belarus are known. Nevertheless, it could make sense for IT administrators to make employees aware of this type of attack and to warn them to be careful.