<html>
<p><img src="https://scontent.fhan2-3.fna.fbcdn.net/v/t1.0-9/24774742_1326817080781285_3106405158277577156_n.jpg?oh=67ccf31d8615762e54a34fef81ab70eb&oe=5ACA4848" width="665" height="332"/></p>
<p><strong>A security vulnerability affects all versions of Microsoft Office, allowing attackers to create and spread macro-based malware.</strong></p>
<p>According to The Hacker News, this is a form of malware in which macros write more macros. It is not a new technique for attackers, and Microsoft already blocks the threat by default by limiting this functionality.</p>
<p>But a report from Lino Antonio Buono, a security researcher at InTheCyber, said a simple technique could allow anyone to bypass Microsoft's security controls and create self-copying malicious software hidden behind MS Word documents. Worse, Microsoft declined to treat this issue as a security flaw.</p>
<p>Notably, a security vendor report said a new macro-based ransomware called qkG uses the same method Buono describes. This ransomware was discovered on VirusTotal, uploaded by a user in Vietnam. The researchers say it appears to be an experimental project or a proof of concept (PoC) rather than malware spreading in the real world.</p>
<p>The qkG ransomware uses the Auto Close VBA macro, a technique that runs the malicious macro when the victim closes the document. The latest qkG sample now includes a bitcoin address with a small ransom note asking for $300 in bitcoin. Note that this bitcoin address has not received any payment yet, so it does not appear to have been used to target users.</p>
<p>To explain the problem, Buono showed how MS Word can be attacked with malicious VBA code that then delivers self-copying, multi-stage malware.</p>
<p>Specifically, Microsoft disables external (or untrusted) macros by default and restricts default access to the Office VBA project, but users can manually enable "Trust access to the VBA project object model" if needed. With "Trust access to the VBA project object model" enabled, MS Office trusts all macros and runs arbitrary code without security warnings or requests for the user's permission.</p>
<p>Buono found that this setting can be enabled or disabled by editing the Windows registry, which ultimately allows macros to write more macros without the user's consent.</p>
<p>In other words, if the victim mistakenly allows a malicious *.doc file to run its macros once, their system remains open to macro-based attacks. The victim will also be unaware of this and will spread the same malicious code to others by sharing any infected Office files from their system.</p>
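<p>For defenders, the registry-backed setting described above can be audited from an exported copy of the registry. The Python sketch below is an added example, not code from the original post or from Buono's report. It assumes the setting is stored as the DWORD value AccessVBOM under each Office application's Security key, that a value under the Policies key takes precedence over the user value, and it runs on a constructed export.</p>

```python
import re

# Constructed sample in .reg export format; real exports are UTF-16, decode first.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Word\Security]
"VBAWarnings"=dword:00000002
"AccessVBOM"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Excel\Security]
"AccessVBOM"=dword:00000001

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Excel\Security]
"AccessVBOM"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\PowerPoint\Security]
"accessvbom"=dword:00000000
'''

KEY_RE = re.compile(
    r"^\[(HKEY_[A-Z_]+)\\Software\\(Policies\\)?Microsoft\\Office\\"
    r"(\d+\.\d+)\\(\w+)\\Security\]$", re.IGNORECASE)
VALUE_RE = re.compile(r'^"AccessVBOM"=dword:([0-9a-f]{8})$', re.IGNORECASE)

def audit_access_vbom(reg_text):
    """Return one finding per AccessVBOM value in a decoded .reg export."""
    findings, current = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            m = KEY_RE.match(line)
            current = m.groups() if m else None
            continue
        v = VALUE_RE.match(line)
        if current and v:
            hive, policy, version, app = current
            findings.append({"hive": hive, "version": version, "app": app,
                             "source": "policy" if policy else "user",
                             "enabled": int(v.group(1), 16) == 1})
    return findings

def risky(findings):
    """User-level values that enable the setting with no policy value of 0
    for the same app and version (assumes policy takes precedence)."""
    locked = {(f["version"], f["app"].lower()) for f in findings
              if f["source"] == "policy" and not f["enabled"]}
    return [f for f in findings if f["source"] == "user" and f["enabled"]
            and (f["version"], f["app"].lower()) not in locked]
```

<p>Running <code>risky(audit_access_vbom(SAMPLE_REG))</code> on the constructed export reports only the Word 16.0 entry, because the Excel value is overridden by policy and the PowerPoint value is off.</p>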
<p>Thank you for all the upvotes, comments and reposts!</p>
<p>Much Love, Jimy Nguyen </p>
</html>