microsoft word


In the blog we posted on March 22, FortiGuard Labs introduced a new Word Macro malware sample that targets both Apple Mac OS X and Microsoft Windows. After deeper investigation of this malware sample, we can confirm that after a successful infection the post-exploitation agent Meterpreter is run on the infected Mac OS X or Windows system. Meterpreter is part of the Metasploit framework. More information about Meterpreter can be found here. For this to work, the attacker’s server must be running Metasploit as the controller to control the... [Read More]
by RSS Chris Navarrete & Xiaopeng Zhang  |  Mar 29, 2017  |  Filed in: Security Research
Overview From the Yes, You Really Should Upgrade Department, FortiGuard Labs has discovered a third Microsoft Office Vulnerability that is rolled into today's Patch Tuesday updates. For a bit of variety, this is a double free vulnerability in Word 2007 and 2010. The vulnerability occurs when Word fails to validate that a pointer was already released before attempting to release it again, causing conditions that attackers could leverage to achieve remote code execution scenarios. The underlying problem involves an internal structure... [Read More]
by RSS Kai Lu  |  Dec 08, 2015  |  Filed in: Security Research
Overview Microsoft Office is the most popular productivity suite in the world, first released by the Redmond software giant in 1988. Microsoft releases updates and patches for its software, including Office, on what is now commonly known as Patch Tuesday (the second and sometimes the fourth Tuesday of each month). Today, Patch Tuesday includes not one, not two, but three vulnerabilities discovered by researchers at FortiGuard Labs. The first is a heap overflow vulnerability Microsoft Word 2007. Although it was released eight years ago, Office... [Read More]
by RSS Kai Lu  |  Dec 08, 2015  |  Filed in: Security Research
Updates, upgrades and patches, oh my. The week of May 7-11 was indeed a week of major patches from some of the biggest players. The good news is, many of the most popular OSes, Web browsers and applications are now a tad more secure. Here is a look at last week's security news. Patch Tuesday Delivers Three Critical Updates: For its regularly scheduled Patch Tuesday security update, Microsoft released a total of seven bulletins, three designated with the highest severity rating of “critical,” repairing a total of 23 vulnerabilities in Microsoft... [Read More]
by RSS Stefanie Hoffman  |  May 14, 2012  |  Filed in: Industry Trends & News
Both Microsoft and Adobe delivered their one-two punch that aimed at plugging security holes and halting active exploits dead in their tracks for the month of May. And while the Microsoft and Adobe both addressed critical flaws affecting a wide swath of users, neither bulletin will likely overwhelm users this month. For its May Patch Tuesday security update, Microsoft released a total of seven bulletins, three designated with the highest severity rating of “critical,” repairing a whopping 23 vulnerabilities in Microsoft Windows, Office, Silverlight... [Read More]
by RSS Stefanie Hoffman  |  May 09, 2012  |  Filed in: Industry Trends & News