Microsoft has just patched an important vulnerability in Microsoft Word during its latest patch Tuesday cycle. According to the security firm that found it , this new zero-day (CVE-2017-8759) was used in targeted attacks to install a piece of malware known as FinFisher.
Microsoft Office has been in the line of fire throughout the year with malware distributors employing various social engineering techniques to trick users into opening up booby-trapped documents laced with exploits or macros. Indeed, while drive-by download activity has plummeted, malicious spam has been the dominant threat.
In this blog post, we do a quick review of this latest exploit and how future attackers are likely to add it to their own campaigns.
To read the original article : https://blog.malwarebytes.com/threat-analysis/2017/09/psa-new-microsoft-word-0day-used-wild/