Keep an eye out – Malware-infected Word docs spreading


Did you know cybercriminals can infect your PC with malware using nothing but a Word doc? The scary part is the doc doesn’t even need to be opened to execute malware. Security researcher Joshua Drake discovered this dangerous flaw.

CVE-2023-21716 is so dangerous it’s been rated a 9.8 in terms of how potentially harmful it can be to the average user. The good news is Microsoft’s February Patch Tuesday release fixed the issue, but you need to get the update to avoid the risks.

Just how harmful could an attack like this be for you? Read on to find out.

A new twist on Microsoft Word spreading malware

Drake’s proof-of-concept shows that even Word files viewed through the Preview Pane may deliver an RTF payload capable of taking your system out of your hands. Delivering malware through Word docs that don’t need to be opened is a game changer for criminals. Just previewing the doc can infect your device.

These Word documents need to be modified in a specific way to wreak havoc, but Drake’s findings outline how easily it can be done.

The rigged files can trigger a corruption flaw that opens the door to a world of terrible possibilities. Most notably, it could allow a third party to remotely access and control your computer from anywhere.

While there’s no proof of cybercriminals actively using this exploit, the finding has been enough to sound the alarm on Microsoft’s end. There have been more than a few proposed solutions moving forward.
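Because the risk described above comes from RTF content delivered as a Word file, one defensive check is to classify attachments by their leading bytes rather than by their file name. The Python triage script below is an added example, not code from Drake's proof-of-concept or from Microsoft; its function names, extension map and sample byte strings are constructed for illustration. It identifies RTF content and extension mismatches only and does not detect the exploit itself.

```python
from pathlib import Path

# Leading bytes of the container formats Word opens.
RTF_MAGIC = b"{\\rt"                            # RTF header is "{\rtf"; matched loosely
OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy binary .doc
ZIP_MAGIC = b"PK\x03\x04"                       # .docx / .docm (zip container)

# Format each extension is expected to contain (assumption made for this example).
EXPECTED = {".rtf": "rtf", ".doc": "ole2", ".dot": "ole2", ".docx": "zip", ".docm": "zip"}


def sniff(data: bytes) -> str:
    """Classify a file by its leading bytes, ignoring its name."""
    if data.startswith(RTF_MAGIC):
        return "rtf"
    if data.startswith(OLE2_MAGIC):
        return "ole2"
    if data.startswith(ZIP_MAGIC):
        return "zip"
    return "unknown"


def triage(name: str, data: bytes) -> dict:
    """Report the real format and whether it disagrees with the extension."""
    ext = Path(name).suffix.lower()
    actual = sniff(data)
    expected = EXPECTED.get(ext)
    return {"name": name, "extension": ext, "actual": actual,
            "is_rtf": actual == "rtf",
            "mismatch": expected is not None and actual != expected}


def scan_folder(folder: str) -> list:
    """Return a triage record for each file that is RTF or mislabeled."""
    flagged = []
    for path in sorted(Path(folder).iterdir()):
        if path.is_file():
            with path.open("rb") as fh:
                record = triage(path.name, fh.read(8))  # header bytes are enough
            if record["is_rtf"] or record["mismatch"]:
                flagged.append(record)
    return flagged


if __name__ == "__main__":
    # Constructed samples: harmless byte strings that only mimic file headers.
    samples = {"invoice.doc": b"{\\rtf1\\ansi hello}", "notes.doc": OLE2_MAGIC,
               "report.docx": ZIP_MAGIC, "memo.rtf": b"{\\rtf1}"}
    for name, data in samples.items():
        print(triage(name, data))
```

Flagged files are candidates for closer inspection before anyone previews or opens them; a file named `.doc` that contains RTF is not malicious by itself.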

How to avoid this dangerous new way malware is distributed

Microsoft recently released this vulnerability report on CVE-2023-21716. The best way to stay protected is to update your Windows PC ASAP. As we mentioned earlier, February’s Patch Tuesday update fixed this flaw.

To update Windows 10:

  • Go to Start > Settings > Update & Security > Windows Update. Click Download and install.

To update Windows 11:

  • Go to Start > Settings > Windows Update > Check for updates.
  • If an update is available, select Download and install now.

But don’t stop there. Ensuring Windows is updated to its latest version is critical, but there are more security precautions that you can take. Here are some ideas:

  • Avoid links and attachments — Don’t click on links or attachments you receive in unsolicited emails. They could be malicious, infect your device with malware and/or steal sensitive information. Now, just previewing a Word doc can be dangerous.
  • Beware of phishing emails — Scammers send malicious emails to trick you into clicking links that supposedly have important information. Look out for strange URLs, return addresses and spelling/grammar errors.
  • Use strong, unique passwords — Password managers offer an easy way to follow this step.
  • Antivirus is vital — Always have a trusted antivirus program updated and running on all your devices.
