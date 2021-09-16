Scammers send letters with an attachment, and if a company employee opens such a document on his computer, the vulnerability works

In Russia, attempts of hacker attacks were recorded in more than 18 organizations. Attackers exploit a new vulnerability in Microsoft Office products. This was reported by information security specialists from Kaspersky Lab.

“The way cybercriminals are exploiting the vulnerability now is through phishing emails with a document attachment. An employee just needs to open such a document on his computer for the vulnerability to work out, and then a “payload” (malware) is downloaded and installed on the victim’s computer, ”Izvestia, head of the complex threat detection department at Kaspersky Lab, quotes Evgeny Lopatin.

A vulnerability in MSHTML allows hackers to create documents that, when opened, Microsoft Office automatically downloads and runs a malicious script from the Web. The downloaded program allows you to run a sequence of certain actions in the PC, they specify in the newspaper.

