Combined with unpatched software, it’s a recipe for disaster.
I ran across this quote in a news article earlier today:
They target Windows users with malicious Winword attachments that exploit a Microsoft MSHTML remote code execution (RCE) bug . . .
It’s about a specific bug and a specific exploit, but honestly, it’s just an example of the #1 way hackers try to invade our systems.
It’s worth understanding exactly what it means.
Malicious attachments and you
Hackers use fake emails to fool you into opening attachments containing malware. The malware often targets unpatched vulnerabilities or bugs in the operating system or other software on your machine. It’s important to remain skeptical and cautious before opening any attachments, and always keep your system and other software as up to date as possible.
The quote is from a BleepingComputer article, “Hackers exploit Microsoft MSHTML bug to steal Google, Instagram creds”.
The targeting is apparently a little more specific than that:
A newly discovered Iranian threat actor is stealing Google and Instagram credentials belonging to Farsi-speaking targets worldwide . . .
By the time you read this, the vulnerability will likely have been patched.
This is a great example, however, of what I see happening every day.
Here’s how you protect yourself.
Attachments: the hacker’s way in
The first phrase catching my attention was “malicious Winword attachments”. (Winword refers to Microsoft Office’s Word for Windows.)
The most common scenario is an urgent-sounding message telling you to open an attached document to learn more about a package delivery. It’s not limited to messages purporting to be about unexpected deliveries, however.
These types of messages typically (but not always) share these characteristics:
- They claim to be from a company you recognize.
- They’re unexpected.
- They claim there is an issue that requires your urgent attention.
- They claim you need to view or otherwise download and open an attachment to deal with the urgent issue.
Don’t. Just … don’t.
Resist the urgency. Take the time to examine the message carefully before doing anything. Make sure it really is from who it says it is from.
If you’re unsure, ignore the message and contact the company that supposedly sent the message in some other way.
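The warning signs listed above can be checked mechanically against a saved message. The script below is an added example written for this page, not code from Ask Leo!; it uses Python’s standard `email` library to look for the four characteristics (a sender that doesn’t match the Reply-To, urgency language, a risky attachment type, and a request to open that attachment). Both messages it scans are constructed for illustration, with made-up names and `.invalid` domains.

```python
"""Triage a saved e-mail (.eml) for the warning signs of a malicious-attachment lure.

Added example for this page, not from the Ask Leo! article.
"""
import os
import re
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr

# File types commonly used to carry a document lure or a dropper (illustrative list).
RISKY_EXTENSIONS = {".doc", ".docx", ".docm", ".rtf", ".xls", ".xlsm",
                    ".exe", ".js", ".vbs", ".iso", ".zip", ".html"}

# Words that signal manufactured urgency (illustrative list).
URGENCY_WORDS = ("urgent", "immediately", "suspended", "verify", "delivery",
                 "action required", "within 24 hours")

# Constructed sample lure; sender, domains and attachment bytes are made up.
SAMPLE_EML = b"""\
From: "Parcel Delivery Service" <notice@example-mail.invalid>
To: you@example.net
Subject: URGENT: action required for your package delivery
Reply-To: collect@another-domain.invalid
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUNDARY"

--BOUNDARY
Content-Type: text/plain; charset="utf-8"

Your package could not be delivered. Open the attached form immediately
to reschedule within 24 hours.

--BOUNDARY
Content-Type: application/msword; name="delivery_form.docx"
Content-Disposition: attachment; filename="delivery_form.docx"
Content-Transfer-Encoding: base64

UEsDBBQAAAAIAA==
--BOUNDARY--
"""

# Constructed benign message for comparison.
CLEAN_EML = b"""\
From: "Alice" <alice@example.net>
To: you@example.net
Subject: Lunch on Friday?
Content-Type: text/plain; charset="utf-8"

Want to grab lunch on Friday? No rush.
"""


def triage(raw: bytes) -> dict:
    """Return the warning signs found in one raw RFC 822 message."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []

    # Sign 1: replies would go to a different domain than the message claims to come from.
    _, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    from_domain = from_addr.rpartition("@")[2].lower()
    reply_domain = reply_addr.rpartition("@")[2].lower()
    if reply_domain and reply_domain != from_domain:
        findings.append(f"Reply-To domain {reply_domain!r} differs from From domain {from_domain!r}")

    # Sign 2: urgency language in the subject or body.
    subject = msg.get("Subject", "")
    body_part = msg.get_body(preferencelist=("plain", "html"))
    body = body_part.get_content() if body_part else ""
    text = (subject + "\n" + body).lower()
    hits = sorted({w for w in URGENCY_WORDS if w in text})
    if hits:
        findings.append("urgency language: " + ", ".join(hits))

    # Sign 3: an attachment of a type that can carry macros, scripts or exploits.
    risky = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if os.path.splitext(name)[1].lower() in RISKY_EXTENSIONS:
            risky.append(name)
    if risky:
        findings.append("risky attachment(s): " + ", ".join(risky))

    # Sign 4: the text itself tells you to open that attachment.
    if risky and re.search(r"\battach(ed|ment)\b", text):
        findings.append("message urges you to open the attachment")

    return {"from": from_addr, "findings": findings,
            "verdict": "suspicious" if len(findings) >= 2 else "no obvious signs"}


if __name__ == "__main__":
    for label, raw in (("lure", SAMPLE_EML), ("benign", CLEAN_EML)):
        result = triage(raw)
        print(f"{label}: {result['verdict']} ({result['from']})")
        for f in result["findings"]:
            print("  -", f)
```

Run it on a message you have saved as `.eml` by reading the file bytes and passing them to `triage()`. Two or more signs together is the point: any one of them (an Office attachment, a Reply-To on another domain) is ordinary on its own, which is why the script reports a verdict only when they stack.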
Attachments are only half the battle, however.
Unpatched vulnerabilities: the hackers’ goal
The second phrase that got my attention was “exploit a . . . bug”.
Malware generally attempts to take advantage of “vulnerabilities”. Vulnerabilities are nothing more than software bugs that are exploited to allow the malware to do something it shouldn’t. The most common example is called “privilege escalation”, which allows the malware to silently act as administrator on your machine even if you’re not running as an admin yourself.
Naturally, these types of bugs are fixed relatively quickly,[1] and the fixes are made available via Windows Update.
This is why it’s important to keep your machine — all your software, really — as up to date as possible. This means letting Windows Update run automatically and taking updates as they’re offered. Unless you’re willing and able to track individual vulnerabilities and their fixes (and I’m not), staying as up to date as possible is the wisest thing to do to stay safe.
And yet, there’s a hole in the safety net: zero-day.
“Zero-day”: the hacker’s jackpot
A “zero-day” vulnerability is a software issue that:
- Is being actively exploited “in the wild” to infect or otherwise compromise systems.
- Has no available fix yet.
“Zero-day” means that the software vendor has zero days to fix it before it’s a problem — it’s already a problem. (If a vulnerability is discovered before hackers learn about it, then there’s time to fix it before they use it “for real”.)
For you as a user, all this implies several important steps you need to take.
- Always be on your guard for things like malicious attachments, discussed above.
- Keep your security software as up to date as possible. It’s not uncommon for your anti-malware tool to detect malware exploiting a vulnerability before the vulnerability is repaired.
- Keep your system as up to date as possible so that when the vulnerability is repaired, you’ll no longer be at risk for that particular issue.
Footnotes & References
1: I have to say relatively because the speed of a repair, and the speed of it being made available via Windows Update, varies depending on the severity of the issue. Repairs themselves also add risk, so it’s not always a simple decision to fix everything as fast as possible.