McAfee reported on a company blog that the attackers recently released 3 Office zero-day exploits on security forum. Though 2 of the reported vulnerabilities only cause an app crash, but the third one seems to be very critical, as this could be made use for code execution, written by Karthik Raman, a McAfee researcher.
The fourth reported flaw has an effect on the way that Windows tackles .hlp files. It also could be exploited to executive arbitrary code, which is claimed to enable hackers to take control of a machine. The hlp files has been listed as unsafe by Microsoft for the reason that they are executable. The format is consisted with characteristics like those of .exe files
McAfee further maintained that it doesn’t know any attacks aiming at the latest flaws. Details of the vulnerabilities were made public around Microsoft’s Patch recently, while the company came up with latest software updates. McAfee advised that the timing might increase the period that the public is vulnerable to the vulnerability ahead of next month’s patch issuance. Microsoft still will release so-called out of band patches when flaw draws extensive attacks.
