Re: Security isn't Job 1
>Given this flaw has been around for ages one has to ask why wasn't discovered and patched earlier?
A very good question, just done a google "hta exploit in office 2007"
7th result on the first page from Google got me this thread started on the 25-June-2016:
https://webcache.googleusercontent.com/search?q=cache:zSOTrzsbdIQJ:https://www.nulled.to/topic/170245-ancalog-multi-exploit-builder-exe-to-docpdfxlschmhta-fudsilent-doc/+&cd=7&hl=en&ct=clnk&gl=uk
Silent DOC 2007
Features:
-Upcoming FUD Crypter (S/R) * Not realeased yet, this is near future guys
-Include silent doc exploit
-Several exploits, most are sendable via GMail
-Compatible with every rat/keylogger/worm
-Compatible with XP - 10 32/64
-FUD (DOC CHM)
-Can be sent via gmail/fb (DOC XLS PDF)
-Works with every MS Office from 2007 to 2016 (excluding Starter edition - there's no macro support)
Sounds suspiciously similar to the .hta exploit being discussed here...
Given how long it has been around, it might be worth doing a trawl back through the inbox/spam/junk/trash folders and conducting a careful investigation of .doc attachments with notepad/emacs/vi.
From the little that is published on .hta and the total lack of security MS provides, I do wonder if the exploit also features in one of the toolsets for spooks that have been liberated in recent times.