Security News Microsoft Macros Remain Top Vector for Malware Delivery

[silversurfer]

Content source

https://threatpost.com/threatlist-microsoft-macros-remain-top-vector-for-malware-delivery/137428/

Attacks using malicious Microsoft macros, always a popular method for compromising target machines, are more virulent than ever, accounting for 45 percent of all delivery mechanisms analyzed in August.

Just behind this tried-and-true method lies the Microsoft Office Memory Corruption Vulnerability (CVE-2017-11882), a bug that allows the attacker to perform arbitrary code-execution. In a report released Thursday from Cofense intelligence, it was shown to responsible for 37 percent of malware delivery last month, despite having been patched since last November.

The remaining 18 percent of delivery mechanisms spotted in August is mainly made up of batch scripts, PowerShell scripts and downloaders for Microsoft Windows scripting component (WSC) files (often seen in games). These all trail far, far behind the two leading vectors, with less than 6 percent of attacks each.

 

[shmu26]

45% macros + 37% unpatched vulnerabilities = over 80% of attacks come via Microsoft Office docs. That's an awesome stat.