MS Office Vulnerability That Doesn’t Require a Click


A new method of delivering malware has arrived that doesn’t require anyone to click on anything. All you need to do is hover your mouse over the wrong link. The link must be embedded in a PowerPoint presentation, and attackers are presently sending out convincing-looking emails in an effort to get you to run the program.

Within the compromised PowerPoint presentation, users will see a slide that says “Loading, Please wait…”. If they hover the mouse over the text, a script will run to install the malware.

Users of Office 2010 and newer will see a prompt stating that “Microsoft Office has identified a potential security concern” and asking them to Enable or Disable the script. Users frequently do not read these prompts and will often click Enable, which allows the malware to install.

Users of older versions of Microsoft Office are unlikely to be prompted and the malware will simply install quietly in the background. Versions of Microsoft Office older than 2010 do not have the Office Protected View feature. Presently RJ Systems recommends upgrading to the latest version of Microsoft Office and ensuring that Office Protected View is enabled.

Please make sure you confirm with any sender that an attachment or link is valid before clicking on it, both in your email and in text messages.