For many years, users of Microsoft Office 2010 were instructed to watch out for a certain exploit that could leave them vulnerable to remote code execution. That particular exploit was listed by Internet security analysts as CVE-2012-0158, also known as the Microsoft Word intruder, which affected not only Office 2010 but also Office 2007 and Office 2013.
It so happens that cybercrime perpetrators have decided to modernize the old Microsoft Word intruder. In late July 2016, industry site IT World Canada covered an update from Internet security firm Sophos, which reported updated versions of this exploit.
How the Microsoft Word Intruder Works
Contrary to what its name might suggest, the Microsoft Word intruder does not limit itself to Word documents. Just about any file format supported by Office 2010 can be used to launch the attack; this includes Rich Text Format (.rtf), an old Windows standard, and even HTML.
The basic mechanism of the exploit consists of distributing a document that contains an Encapsulated PostScript (EPS) file, which looks like a standard image. The targeted user does not usually suspect anything; however, the document acts like a booby trap in the sense that it executes malicious code in the background that connects the victimized computer, laptop, tablet, or smartphone to a rogue server.
Once the targeted device has been compromised, remote attacks can be launched on a network. Another scenario would be a computer becoming part of a botnet to distribute spam or malware.
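Because the delivery vehicle described above is an Office document carrying an embedded EPS image, a mail gateway or analyst can triage attachments by checking for EPS content before anyone opens them. The following is an added example, not code from Sophos or IT World Canada; the function names and sample files are constructed for illustration, and a hit means only that the file deserves a closer look.

```python
import io
import zipfile

# EPS signatures: ASCII PostScript header and the DOS-style binary EPS header.
EPS_MAGICS = (b"%!PS-Adobe", b"\xc5\xd0\xd3\xc6")


def find_embedded_eps(data: bytes) -> list:
    """Return a description of each place EPS content appears in an attachment."""
    hits = []
    if data[:4] == b"PK\x03\x04":  # OOXML container (.docx, .xlsx, .pptx)
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    with zf.open(info) as member:
                        head = member.read(16)
                    # Check content as well as name: the extension can be changed.
                    if info.filename.lower().endswith(".eps") or head.startswith(EPS_MAGICS):
                        hits.append("zip member " + info.filename)
        except zipfile.BadZipFile:
            hits.append("unreadable zip container")
    else:
        # RTF stores embedded binary data as hex text, so look for both forms.
        compact = b"".join(data.split()).lower()
        for magic in EPS_MAGICS:
            if magic in data or magic.hex().encode() in compact:
                hits.append("raw or hex-encoded EPS header")
                break
    return hits


def build_sample(image_name: str, image_bytes: bytes) -> bytes:
    """Constructed test input: a minimal zip laid out like a .docx."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr(image_name, image_bytes)
    return buf.getvalue()


if __name__ == "__main__":
    eps = b"%!PS-Adobe-3.0 EPSF-3.0\n"  # constructed, harmless header only
    for name, body in [("word/media/image1.eps", eps),
                       ("word/media/image1.png", eps),
                       ("word/media/image1.png", b"\x89PNG\r\n\x1a\n")]:
        print(name, "->", find_embedded_eps(build_sample(name, body)))
```

Legitimate documents can also contain EPS images, so treat the result as a reason to quarantine and inspect rather than as a verdict.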
The Updated Version of the Exploit
IT World Canada reports that the new version of this Microsoft Office 2010 cyber threat has become more sophisticated. In an effort to prevent suspicion among victims, the document inside the exploit kit has been significantly reduced in size and has been renamed to “document.xml,” although this may change from one cybercrime group to another.
In the past, known hacking outfits combined the Microsoft Word intruder with the FAREIT Trojan, which took advantage of a Windows PowerShell vulnerability. The new intruder is more likely to arrive via an email message with attachments.
The generic hook of the messages is written in “corporate speak” that makes vague references to payments, invoices, orders, price quotations, etc. Sophisticated cybercrime crews may conduct some research on their intended victims to craft the message. For example, the email address may be spoofed to resemble an internal user, and the message could be crafted in a way that resembles the office culture.
Corporate IT security managers in Canada should research the new threat, which has been filed as CVE-2015-2545, and apply the necessary patches to avoid being compromised. This new exploit kit actively targets Microsoft Office versions installed within a business network.
Windows 7, while known for its performance and stability, is not exactly the most feature-packed and exciting operating system out there. A number of features and programs that most users take for granted are not available in the system itself and need to be installed separately. Let’s take a look at a few now:
Google Chrome is the most popular browser these days, particularly among those who know their way around a computer. There are plenty of reasons: it’s fast, secure, and has an enormous number of extensions available to make it even more useful and customizable, which is important since this is likely to be the most used piece of software on your computer.
Windows comes with Internet Explorer as the default web browser. While it has improved significantly over the years, it still lacks many of the features that make alternatives like Chrome attractive. Chrome, for example, has a much larger extension library.
Firefox is the other major choice worth considering. Like Chrome, it is fast, features an enormous library of extensions and add-ons to expand functionality, and has lots of features to improve your security and privacy.
While the browser might be the most used software on your computer, your antivirus program is probably the most important, especially with Windows 7: this version of Windows lacks the built-in protection of the newer Windows operating systems.
When it comes to antivirus, there are several good choices, depending on what features you want and whether you want to pay for the software. The website av-test.org conducts tests of all the major antivirus software out there and provides detailed ratings and reviews. Their current top choices for Windows 7 are Avira Antivirus Pro 2016, Kaspersky Lab Internet Security 2016, Norton Security 2016, and Trend Micro Internet Security 2016. You can’t go wrong with any of these choices.
Having access to cloud storage is almost essential these days, especially if you use your computer for business, and Dropbox still tends to be the most popular. It’s reliable and affordably priced. Alternatives include Google Drive and Microsoft OneDrive. They all do pretty much the same thing.
Finally, we can’t forget about our entertainment! iTunes is, of course, extremely popular, but another excellent piece of software is VLC. VLC is a free media player that has become famous for being able to play basically any file type you can throw at it. Windows 7, by default, will be able to play many of the most common files, but there are plenty that it just can’t handle without additional software, and VLC takes care of that.
One of the most important responsibilities any security guard has is writing incident reports that are not only accurate and thorough but paint a clear picture for those who weren’t there. Modern incident reporting software simplifies this job greatly, but even the most sophisticated incident management system can’t ensure that the necessary details are present, precise and concise.
Date, Time and Location
Time is of the essence, which is why most security guard management protocols recommend that incident reports be started within 15 minutes of an incident. A report must include the date, the exact time the incident took place or an estimate, and the location where it occurred. If the time is an estimate, specify that, and indicate time and location information within context, such as providing the work shift during which it happened and the name of the building or nearest landmark.
Details of the Incident and Intervention
Most incident reporting software includes areas to describe the circumstances of the incident and any intervention during and response in the aftermath. Details should be as factual as possible, but the security guard should include his or her perception of events in order to fill in information gaps.
Statements from Witnesses and Other Relevant People
Incident management systems will generally have optional areas for you to include statements from witnesses, employees, residents and so forth. These statements should be separate from the security guard statement and clearly identified as personal accounts. Use direct statements whenever possible, and put statements in quotes to indicate that they’re verbatim.
Circumstances Prior to, During and After the Incident
Context is everything, so security guard management will usually require a guard to include any pertinent details that set the scene before, during and after the incident took place. The goal here is to indicate any environmental and other factors that did or could have contributed to the event. If there was faulty equipment or other hazards present, for instance, these should be a focal point.
All Notifications Made
Incident reports must also indicate all parties who were notified due to the event. This includes the chain of command for the worksite, hospital, residence and so forth as well as any external parties, such as emergency services, law enforcement or even family members of those involved.
If the incident in question was an avoidable event, then the guard should indicate any actions he or she took to prevent further incidents. These actions can be both short-term, such as placing a wet floor sign, and long-term, such as updating safety protocols. If the person writing the report doesn’t have the power to enact those actions, then recommendations should be included in the report instead.