    After December’s Patch Tuesday, yet another vulnerability has surfaced, this time targeting one of Microsoft’s more usual members: WordPad. Trend Micro detects this vulnerability as TROJ_MCWORDP.A.

    The exploit uses a specially crafted .DOC, .WRI, or .RTF file to take advantage of the WordPad vulnerability, causing the application to crash. This crash may then allow a remote malicious user to take control of an affected system. Microsoft has already issued a bulletin regarding the issue, which can be found at the following link:

    What makes the malware exploiting this bug more interesting is that it exhibits a VMware-checking routine. If it detects that it is being run inside a virtual machine, it does not continue to exploit the affected system. Otherwise, it drops another malicious file detected as BKDR_AGENT.VBI. This backdoor opens a random port to allow hackers to connect to the system; once connected, they are able to execute commands.

    WordPad is the word processor Microsoft provides on a fresh install, but its presence tends to go unnoticed once users install a more recognized word-processing suite like MS Office or OpenOffice. However, this seemingly trivial piece of software has had patches made for it in the past, so it may not come as a surprise that it has been exploited again.

    This exploit is just one of a series to affect Microsoft immediately after it released its monthly security updates. A zero-day bug in Internet Explorer was actively exploited just days ago to infect users with information-stealing malware. Mass SQL injections exploiting the same vulnerability were soon discovered affecting a Taiwanese search engine and a Chinese sporting goods site.

    Our engineers are also still analyzing a proof-of-concept threat that exploits yet another zero-day flaw, this time in Microsoft’s SQL Server. Users are advised to apply patches once they are made available.

    The Trend Micro Smart Protection Network provides protection to Trend Micro customers against this recently discovered flaw, yet caution is urged since it remains unpatched by Microsoft.
