Security Firm Votiro Claims Crypto Mining Vulnerability In Microsoft Word

Announcements, News | February 21, 2018

Israeli cybersecurity company Votiro claims it has uncovered a crypto-mining vulnerability in Microsoft Word.

When a user clicks on a link to a video in a Word document, the video is launched through Internet Explorer, whether the user chooses that browser or not. For as long as the video is playing, the user’s CPU is silently being used for crypto-mining, handing the attacker his own remote “mint” to be used as he wishes.

Amit Dori, security researcher at Votiro, provided Block Tribune with further details.

BLOCK TRIBUNE: How can you protect yourself against this?

AMIT DORI: You can protect yourself by maintaining an up-to-date machine with all security patches and updates installed. Furthermore, if you spot a serious CPU rise while watching an online video in Word, be aware it might be an in-browser miner and close the video frame.

BLOCK TRIBUNE: Is this only specific to IE, or will it work against other browsers?

AMIT DORI: Word’s online video feature uses IE behind the scenes. There’s no way for the user to choose another browser, so yes, in a way, this is specific to IE.

BLOCK TRIBUNE: Does the hack work after the video is over?

AMIT DORI: The video is not important, as it is only there to make sure the video frame remains active for longer periods. The moment the frame is closed, the attacker can no longer use the CPU for mining, unless the hacker was able to infect the machine.