Cybersecurity Alert - Malicious OLE Objects in Microsoft Office Documents Used to Target Firms

June 17, 2016

Threat Summary

A new malware threat involving Microsoft® Office® documents attached to emails is in circulation. The affected documents contain Microsoft Object Linking and Embedding (OLE) objects, which are similar to macros and are used to embed Adobe® Flash® content, JavaScript, graphs, and images, among other things, in Microsoft Office documents. In this threat, OLE objects are used to embed VBScript or JavaScript code that installs malware (most commonly, ransomware) when a user double-clicks the OLE object in an email attachment.

ACA Aponix Guidance

ACA Aponix recommends taking the following steps to prevent malware infections via OLE objects:

  • Alert and train staff on phishing and spear-phishing attacks and the dangers of email attachments;
  • Consider using EMET and/or application whitelisting; and
  • Disable OLE functionality in Microsoft Office by changing the value of the registry key HKCU\Software\Microsoft\Office\<Office Version>\<Office application>\Security\PackagerPrompt to 2. More details can be found here. This change should be tested, as it could affect add-ins such as Bloomberg.
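
The registry change in the last step can be audited and applied per user with a short PowerShell script. This is an added example, not code from ACA Aponix or Microsoft; the version list, the application list, and the DWORD value type are assumptions to adjust for your environment.

```powershell
# Added example: audit (default) or enforce PackagerPrompt = 2 for the current user.
# Assumptions (not from the advisory): the version and application lists below,
# and that the value is stored as a DWORD.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Enforce,
    [string[]]$Versions = @('12.0', '14.0', '15.0', '16.0'),
    [string[]]$Applications = @('Word', 'Excel', 'PowerPoint'),
    [int]$Desired = 2
)

$results = foreach ($ver in $Versions) {
    foreach ($app in $Applications) {
        $appKey = "HKCU:\Software\Microsoft\Office\$ver\$app"
        # Skip version/application pairs that do not exist for this user.
        if (-not (Test-Path -Path $appKey)) { continue }

        $secKey  = Join-Path $appKey 'Security'
        $current = $null
        if (Test-Path -Path $secKey) {
            $current = (Get-ItemProperty -Path $secKey -Name 'PackagerPrompt' `
                        -ErrorAction SilentlyContinue).PackagerPrompt
        }

        $action = 'none'
        if ($current -ne $Desired -and $Enforce) {
            # ShouldProcess makes -WhatIf and -Confirm work for the write.
            if ($PSCmdlet.ShouldProcess("$secKey\PackagerPrompt", "Set to $Desired")) {
                if (-not (Test-Path -Path $secKey)) {
                    New-Item -Path $secKey -Force | Out-Null
                }
                New-ItemProperty -Path $secKey -Name 'PackagerPrompt' `
                    -Value $Desired -PropertyType DWord -Force | Out-Null
                $action = 'set'
            }
        }

        [pscustomobject]@{
            Version   = $ver
            App       = $app
            Previous  = if ($null -eq $current) { '(not set)' } else { $current }
            Compliant = ($current -eq $Desired) -or ($action -eq 'set')
            Action    = $action
        }
    }
}

$results | Format-Table -AutoSize
```

Run it without switches to report the current state on a test machine, then with `-Enforce -WhatIf` to preview the writes before applying them with `-Enforce`.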

Please reach out to us if you have any questions: