
Topic: MS Word vulnerability could lead to stealing your bitcoins - page 2. (Read 468 times)

legendary
Activity: 2870
Merit: 7490
Is it a real risk, or an exaggeration?

It affects Windows 7-11 and Windows Server 2008-2022 with a severity score of 9.3[1]; I'd say it's a real risk. There are already reports of hackers exploiting that vulnerability[2-3], although I don't know whether it's true or propaganda.

[1] https://www.cvedetails.com/cve-details.php?t=1&cve_id=CVE-2022-30190
[2] https://www.securityweek.com/chinese-threat-actors-exploiting-follina-vulnerability
[3] https://techcrunch.com/2022/06/01/china-backed-hackers-are-exploiting-unpatched-microsoft-zero-day
legendary
Activity: 2212
Merit: 7064
Is it a real risk, or an exaggeration?
Using any Microsoft programs like wiNd0ws os and ms office package with words is always a risk and they are known to be full of bugs, and most exploits work only in wiNd0ws.
Instead of doing various gymnastics to protect from the next dangerous win exploit, it's much better to switch to the Linux operating system and some alternative to ms words.
Most people are using Libre Office as an open source alternative, but if you want better compatibility with ms formats then I would suggest that you try OnlyOffice, which is also free and works in all operating systems.

legendary
Activity: 3234
Merit: 5637
As stated in the OP, this vulnerability is not just about stealing Bitcoin but about any digital information you store on your computer - and it is known that private keys and seed should not be stored on a computer, especially not in unprotected form as plain text. At risk here are those who do not have high security standards and are negligent in most things they do - but since it is very easy to disable this attack, I see no reason why we should not prevent something bad from happening.

For those who have Windows in their local language and have never used Command Prompt, I suggest typing CMD into a Windows search engine, or translating Command Prompt into your local language before searching. Of course, copy the commands without quotes, and you can paste them by pressing CTRL + V.
legendary
Activity: 2338
Merit: 10802
There are lies, damned lies and statistics. MTwain
Does this include all file extensions that are opened by Microsoft Office applications or just the extensions above?
Those are the ones I’ve seen explicitly referenced so far.

<…>
The video brilliantly displays a case use created by @John to demonstrate how the exploit can be taken advantage of. He does open the word document in the video, but this tweet claims that it can be activated in preview mode on a file explorer, which is a soft open in a sense.

<…>
The issue is not really down to one file name, but rather more to the whole set of possibilities it opens.
We need to stay tuned to see what solutions are set in place, likely leading to some security upgrade on MS’s behalf.
legendary
Activity: 1554
Merit: 1139
Is this .doc, .docx or .rtf file supposedly the name of the document file in question? If not, are there any means by which we could identify such a file or document?
Again, having a system safety system up might be another way to tackle the downloading and installation of applications from unknown sources on your system.

It is preeminent that users be careful of what app or file they click and download while browsing the Web. Not all assisted functions and updates on a site are needed. You never can possibly tell of an impending danger at all times and as such, it's better you avoid what you don't tend to comprehend.

This further raises the alarm on why you shouldn't save your keys on electronic devices and even on Google clouds, as the chances of some malicious third-party network coming up and providing some vulnerability to the system are always possible.
legendary
Activity: 3668
Merit: 6382
You don’t even need to open the document itself for the exploit to be set in motion.

This would be quite difficult. And from what I've seen in the YouTube video from @Rizzrack you do have to open it. (Thanks man, it's a very good video.)

Does this include all file extensions that are opened by Microsoft Office applications or just the extensions above?

This is a very good question.
Modern Word documents are zip files. But the same goes, for example, for Excel files too. The malicious file is a cleverly altered Word document, but I don't see why the same thing would not work with any (zip) Office file.

But, as you can see at 7:39 there ( https://youtu.be/3ytqP1QvhUc?t=459 ), the heart of everything is

Code: