Cyber-attackers could exploit security flaw found in the embedded video function of Microsoft Word
By Cameron Abbott and Colette Légeret
Cymulate, a leading provider of Breach and Attack Simulation solutions and a Gartner 2018 Cool Vendor, announced last week that its Security Research Team had uncovered a security flaw in the Microsoft Office Suite (Office) that may affect Microsoft Word (Word) users.
This could be done by embedding a video inside a Word document, editing the XML file named document.xml, replacing the video link with a crafted payload that opens Internet Explorer Download Manager with the embedded malicious code execution file. Thereby allowing cyber-attackers to trick Word user into installing a fake software update to watch the embedded YouTube video.
Cymulate has notified Microsoft of this security flaw. It does beg the question what other flaws exist if one exists in a daily used programme, such as Office – it certainly makes you think twice about opening any embedded files in future! It is worth noting that we often train our employees about opening strange attachments in emails – it may be time to expand this instruction.