06 Jan MS Word subDoc Used to Steal User Account Credentials
Security researchers at Rhino Labs recently discovered that a Microsoft feature called subDoc can be used to extract NTLM hashes from Windows machines.
The subDoc feature allows Word files to load sub-documents from a master document. In one scenario, attackers can use subDoc to load a sub-document from a malicious server which can trick the target PC into handing over NTLM hashes for authentication on the fake domain.
The researchers warned that since the attack vector is not yet well-known, anti-virus software may not be able to detect or resolve it.
Source: Bleeping Computer
