Microsoft Office Executables Can Be Used By Threat Actors To Deploy Malware

Soon, the list of LOLBAS files, which comprises legitimate binaries and scripts in Windows that can be exploited for malicious purposes, will be expanded to include the main executables for Microsoft's Outlook email client and Access database management system. Notably, the main executable for the Microsoft Publisher application has already been confirmed to have the capability to download payloads from a remote server. LOLBAS, short for Living-off-the-Land Binaries and Scripts, consists of signed files that are native to the Windows operating system or obtained from Microsoft. These files are genuine tools that hackers can misuse during post-exploitation activities to download and execute payloads stealthily without triggering defensive mechanisms. Recent research has revealed that even unsigned Microsoft executables have their uses in attacks, such as facilitating reconnaissance. Read more...