Microsoft Word subDoc Feature Abused to Steal Windows Credentials

DooKey

Rhino Labs has discovered a new way to get your Windows credentials using the subDoc feature of Microsoft Word. The bad guys insert a sub-document into a Word file from a server out on the internet. This sub-document tricks the PC into giving up the NTLM hash needed for authentication. Once they have this they can use the passwords found to get into the compromised computer or network. About the only way to avoid this is to only open trusted Word files. I wonder if Microsoft is going to disable this feature like they did the DDE support in Word because of similar abuse by hackers? Thanks cageymaru.

"As this feature has not been recognized publicly as an attack vector for malicious actions, it is not something that is recognized by anti-virus software," Rhino Labs says, highlighting that none of the antivirus engines on VirusTotal detected Word documents weaponized via the subDoc method.
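A defender-side check for the technique described in the post above, added here as an example (it is not from the original post or from Rhino Labs): it scans a .docx package for sub-document relationships that point outside the file, which is what a mail gateway or triage script can flag when antivirus does not. It assumes the OOXML zip format; the function names and the sample target host are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# OOXML package-relationship namespace and the subDocument relationship type.
RELS_NS = "{http://schemas.openxmlformats.org/package/2006/relationships}"
SUBDOC_SUFFIX = "/relationships/subDocument"


def find_external_subdocs(docx_bytes):
    """Return (rels_part, target) for every externally hosted sub-document."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as pkg:
        for name in pkg.namelist():
            # Relationship parts live in _rels/ folders and end in .rels
            if not name.endswith(".rels"):
                continue
            try:
                root = ET.fromstring(pkg.read(name))
            except ET.ParseError:
                continue  # malformed part: skip here, triage separately
            for rel in root.iter(RELS_NS + "Relationship"):
                is_subdoc = rel.get("Type", "").endswith(SUBDOC_SUFFIX)
                is_external = rel.get("TargetMode", "").lower() == "external"
                if is_subdoc and is_external:
                    hits.append((name, rel.get("Target", "")))
    return hits


def build_sample(target, external):
    """Constructed test input: a minimal zip holding only the rels part."""
    mode = ' TargetMode="External"' if external else ""
    rels = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
        '<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/'
        'officeDocument/2006/relationships/subDocument" '
        'Target="%s"%s/></Relationships>' % (target, mode)
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/_rels/document.xml.rels", rels)
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample("file://files.example.invalid/share/part.docx", True)
    for part, target in find_external_subdocs(sample):
        print("external subDocument in %s -> %s" % (part, target))
```

A hit is a reason to quarantine and review the file rather than proof of malice, since master documents can legitimately reference sub-documents on a file share.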
 