Somebody at McAfee jumped the gun. Last Friday night McAfee disclosed the inner workings of a particularly pernicious rigged Word document attack — a zero-day involving a linked HTA file. On Saturday FireEye — citing a “recent public disclosure by another company” — gave more details, and revealed that it had been working on the problem with Microsoft for several weeks.It looks like McAfee’s public disclosure forced FireEye’s hand prior to Microsoft’s anticipated fix tomorrow.[ Office 365 vs.

Google G Suite: Productivity smackdown • Collaboration smackdown • Management smackdown. | Our guide to Exchange-based tools in Windows, MacOS, iOS, and Android: Desktop Outlook vs. mobile Outlook vs. native apps. ]

The exploit appears in a Word doc attached to an email message. When you open the doc (an RTF file with a .doc name extension), it has an embedded link that retrieves an HTA file. (An HTML application is usually wrapped around a VBScript or JScript program.)To read this article in full or to leave a comment, please click here

Leave a Reply