"Attackers Bypass Microsoft Patch to Deliver Formbook Malware"

Researchers from Sophos Labs have discovered the use of a novel exploit that can bypass a patch for a critical vulnerability impacting the Microsoft Office file format. Attackers weaponized a publicly available proof-of-concept Office exploit to deliver malware called Formbook. This malware was distributed via spam emails for about 36 hours before it disappeared. The vulnerability, tracked as CVE-2021-40444, is a critical remote code execution (RCE) flaw that can allow attackers to secretly execute any code or commands on a target machine. Microsoft released a patch in September to address the flaw, then shared how attackers had been exploiting the vulnerability to deliver custom Cobalt Strike payloads. In late October, the Sophos researchers discovered the 36-hour campaign involving the new exploit. The attackers reworked the original exploit by putting the malicious Word document inside a specially crafted RAR archive. According to the researchers, the updated attack's short lifespan indicates that it could have been a dry-run experiment, which could return in the future. This article continues to discuss the bypassing of a patched Microsoft Office flaw to deliver Formbook malware.

Help Net Security reports "Attackers Bypass Microsoft Patch to Deliver Formbook Malware"

Submitted by Anonymous on