Did you know that cybercriminals can put malware on your computer by sending you a Word document?
The scary part is that malware can be run without even opening the document. This dangerous find was made by security researcher Joshua Drake.
CVE-2023-21716 is so dangerous that it has been given a rating of 9.8 for how likely it is to hurt the average user. The good news is that Microsoft fixed the problem on February Patch Tuesday, but you still need to get the update to stay safe.
How dangerous could this kind of attack be for you?
A new way for malware to spread through Microsoft Word.
Drake’s proof-of-concept shows that even Word files viewed in the Preview Pane can contain an RTF payload that can take over your system.
Criminals now have a new way to spread malware: Word files that don’t need to be opened. Even just looking at the doc can make your device sick.
These Word files need to be changed in a certain way to cause trouble, but Drake’s research shows how easy it is to do so.
The tampered files can cause a corruption flaw that can lead to a lot of bad things. Most importantly, let someone else access and control your computer from anywhere in the world.
Even though there is no evidence that cybercriminals are using this exploit, Microsoft has decided to sound the alarm. There have been a number of ideas for how to move forward.
How to stay away from this dangerous new way that malware is spread
Microsoft just put out this CVE-2023-21716 vulnerability report. The best way to keep your Windows PC safe is to update it as soon as possible.
To update Windows 10, do the following:
Start, click Settings, click Update & Security, and then click Windows Update. Click “Save and install.”
To update Windows 11, do the following:
Start, then Settings, then Windows Update, then look for changes.
If there is a new version, click “Download and install now.”
Don’t stop there, though.
Making sure Windows is on the latest version is important, but there are other steps you can take to protect your computer.
Here are a few suggestions:
Stay away from links and attachments. Don’t click on links or attachments in emails you didn’t ask for. They could be bad, infect your device with malware, or steal sensitive information. Now, it can be dangerous to just look at a Word doc.
Be careful of phishing emails.
Scammers send them to get you to click on links that they say lead to important information. Look out for strange URLs, return addresses, and spelling and grammar errors.
Use strong, unique passwords.
You can follow this step easily with password managers if you tap or click here.
Antivirus is vital. On all of your devices, you should always have a trusted antivirus programme that is up-to-date and running.