| Recurring |
one_organization |
(a) The software failure incident having happened again at one_organization:
The incident of a software vulnerability in Microsoft Office files allowing hackers to install malware through Word documents has happened again within Microsoft. This vulnerability, referred to as "zero day," was detected in the past and resurfaced in 2017, affecting all Microsoft Office versions, including the latest Windows 10 [50990, 50590].
(b) The software failure incident having happened again at multiple_organization:
There is no specific mention in the provided articles about this software failure incident happening again at other organizations or with their products and services. |
| Phase (Design/Operation) |
design, operation |
(a) The software failure incident related to the development phase of design was due to a vulnerability in Microsoft Office files that allowed hackers to install malware through Word documents. This exploit, referred to as "zero day," worked on all Microsoft Office versions, with attacks stretching back to late January [50990]. The vulnerability stemmed from the Windows Object Linking and Embedding feature, as identified by FireEye, and the cybersecurity firm informed Microsoft to address the issue [50990].
(b) The software failure incident related to the development phase of operation was due to a security error in Microsoft Word that left it exposed to computer viruses, including powerful ones that could steal banking data. This vulnerability was exploited by a campaign via email distributing various types of malware, including the Dridex trojan, which could infect computers through email attachments [50590]. Microsoft acknowledged the problem and released a security patch to protect users [50590]. |
| Boundary (Internal/External) |
within_system, outside_system |
(a) within_system: The software failure incident reported in the articles is primarily due to contributing factors that originate from within the system. The vulnerabilities in Microsoft Office files that allowed hackers to install malware through Word documents were a result of flaws within the software itself. The exploit, referred to as "zero day," was a critical issue within the Microsoft Office suite affecting all versions, including the latest Windows 10 [50990, 50590].
(b) outside_system: The software failure incident also involved contributing factors that originated from outside the system. Hackers took advantage of the vulnerabilities within Microsoft Word to distribute malware, such as the Dridex banking Trojan, through email campaigns. These external threats exploited the software vulnerabilities to gain access to users' devices and steal sensitive information like banking credentials [50990, 50590]. |
| Nature (Human/Non-human) |
non-human_actions, human_actions |
(a) The software failure incident occurring due to non-human actions:
- The vulnerability in Microsoft Office files allowed hackers to install malware through Word documents, exploiting a zero-day vulnerability that works on all Microsoft Office versions [50990].
- The exploit involved giving an RTF file a .doc extension; when opened, the file connected to the attacker's servers and automatically downloaded an HTML application file to give the hacker full control of the victim's device [50990].
- The vulnerability stemmed from the Windows Object Linking and Embedding feature, as identified by FireEye, and the exploit could be activated without human interaction if the victim opened the disguised text document [50990].
- The malware could be disguised as important files or documents sent over email, such as tax refund forms during tax season, to trick users into opening them [50990].
- The attack could not be activated if people opened the documents in Office's protected view, as mentioned by McAfee [50990].
- The malware distributed through the exploit included the Dridex banking Trojan, which infected computers through email attachments and allowed hackers to steal banking passwords [50590].
- The Dridex Trojan was sophisticated, hiding in the device's memory where antivirus programs couldn't detect it, and it could create a botnet of infected machines for hackers to access [50590].
(b) The software failure incident occurring due to human actions:
- Microsoft acknowledged the security issue and issued a security patch to address the vulnerability, urging customers to update their systems to protect themselves [50590].
- Microsoft advised customers to practice safe computing habits online, including being cautious before opening unknown files and not downloading content from untrusted sources to avoid such issues [50990].
- Proofpoint discovered a campaign exploiting the bug through email attachments, distributing various types of malware, including the Dridex banking Trojan [50590].
- The exploit involved social engineering tactics, such as sending spam emails pretending to be from a tax officer with fake tax refund forms attached to lure users into opening the malicious Word documents [50990].
- The cybersecurity firms McAfee and FireEye informed Microsoft about the vulnerability and worked with the company to address the issue [50990, 50590]. |
| Dimension (Hardware/Software) |
software |
(a) The software failure incident occurring due to hardware:
- There is no specific mention of the software failure incident in the articles being attributed to hardware issues. Therefore, it is unknown if the incident was caused by hardware-related factors.
(b) The software failure incident occurring due to software:
- The software failure incident reported in the articles is primarily due to vulnerabilities in Microsoft Office files that allowed hackers to install malware through Word documents. These vulnerabilities were exploited by cybercriminals to distribute malware, such as the Dridex banking trojan, through malicious Word documents [50990, 50590]. |
| Objective (Malicious/Non-malicious) |
malicious |
(a) The software failure incident described in the articles is malicious. Both articles [50990, 50590] report on a vulnerability in Microsoft Word that allowed hackers to install malware through Word documents. The exploit, referred to as "zero day," was actively used by cybercriminals to distribute malware, including the Dridex banking trojan, which is designed to steal banking credentials and take control of victims' computers. The attack involved sending malicious Word documents via email, disguising them as legitimate files to trick users into opening them and infecting their devices. This indicates a malicious intent to harm the system and compromise user data. |
| Intent (Poor/Accidental Decisions) |
accidental_decisions |
(a) The intent of the software failure incident was accidental_decisions.
The software failure incident related to Microsoft Word vulnerabilities was due to a security error that left the software exposed to computer viruses, including powerful ones that could steal banking data [50590]. The vulnerability was a "zero-day" vulnerability, meaning it was unknown to the product manufacturer, and it was detected over the weekend [50590]. The incident involved a campaign via email that exploited the bug and distributed various types of malware, including the Dridex virus, which is a sophisticated banking Trojan [50590]. The hackers distributed documents in Microsoft Word RTF format containing the virus code [50590]. Microsoft acknowledged the issue and released a security patch to address it [50590]. |
| Capability (Incompetence/Accidental) |
development_incompetence |
(a) The software failure incident occurring due to development incompetence:
- The vulnerability in Microsoft Office files that allowed hackers to install malware through Word documents was due to a flaw in the Windows Object Linking and Embedding feature [50990].
- The exploit worked by giving an RTF file a .doc extension; the file connected to the attacker's servers, downloaded an HTML application file, and launched it to give the hacker full control of the victim's device [50990].
- FireEye informed Microsoft about the vulnerability, indicating that it stemmed from a function in Windows that allows integrating content from other documents [50590].
(b) The software failure incident occurring accidentally:
- The vulnerability in Microsoft Word that allowed for the distribution of malware, including the Dridex banking Trojan, was initially detected during a weekend and exploited through email campaigns [50590].
- The malware distribution through Microsoft Word RTF documents was a result of hackers using an "hta extension" disguised as a conventional Word RTF file to evade security requirements [50590]. |
| Duration |
temporary |
(a) The software failure incident described in the articles is temporary. The vulnerability in Microsoft Word that allowed hackers to install malware through Word documents was a temporary issue that was actively exploited by cybercriminals. Microsoft acknowledged the problem and released a security patch to address the vulnerability [50990, 50590]. |
| Behaviour |
crash, omission, value, other |
(a) crash: The software failure incident described in the articles can be categorized as a crash. The vulnerability in Microsoft Office files allowed hackers to install malware through Word documents, leading to the system losing control and being exploited by attackers [50990, 50590].
(b) omission: The software failure incident can also be categorized as an omission. The vulnerability in Microsoft Word allowed the system to omit performing its intended functions of protecting user data and preventing malware installation, leading to the exposure of sensitive information and potential data theft [50990, 50590].
(c) timing: The software failure incident is not related to a timing failure as the system did not perform its intended functions too late or too early [50990, 50590].
(d) value: The software failure incident can be categorized as a value failure. The system performed its intended functions incorrectly by allowing malware to be installed through Word documents, compromising user security and privacy [50990, 50590].
(e) byzantine: The software failure incident is not related to a byzantine failure as the system did not exhibit inconsistent responses or interactions [50990, 50590].
(f) other: The software failure incident can be further described as a vulnerability exploit. Hackers took advantage of a security flaw in Microsoft Office files to install malware, gaining unauthorized access and control over users' devices [50990, 50590]. |