If you use Microsoft Office, listen up: McAfee, the world’s largest dedicated technology security company, released some alarming news on April 11. Their virus and malware detection teams have identified a potential zero-day virus threat, based upon a vulnerability in Microsoft Office and Word.
This vulnerability within Microsoft software allows hackers to deliver malware to your computer via a Word document. This threat might appear completely innocent at first, showing up as a .doc file in email or another mode of delivery. But when you open the file, you will be connected to a remote server which downloads malware into your computer.
What is a zero day attack? Software companies continually review their products for problems, and release patches on a regular basis in order to fix them. However, hackers also devote significant time to searching for security issues. Occasionally, hackers discover security holes in software, that are unknown to the creators of that program. And before security teams discover these problems, hackers have already exploited the vulnerability. They get through to your computer and download viruses or malware to your machine. Even if the software creator does manage to identify the problem and release a patch to fix it, it’s already too late for those who have been infected.
In other words, sometimes hackers are one step ahead of software developers.
What to do about this threat. First, check for Microsoft updates, and install them immediately. This can cover some security threats (the ones that Microsoft has already identified). But of course, there is always the possibility that they have not yet identified all possible security vulnerabilities.
Next, give us a call at 888-RING-MY-TECH. While we can’t install an update or patch that does not yet exist, there are other ways to protect your computers and network. We will review your security protocol and make any necessary changes, so that your system stays as safe as possible.
Finally, make sure your employees understand that they should never download .doc files from any suspicious source. They should double check the validity of attachments in emails, and when in doubt, check with their supervisor first.