PSA: New Microsoft Word 0day used in the wild

Haythem Elmir

Microsoft has just patched an important vulnerability in Microsoft Word during its latest patch Tuesday cycle. According to the security firm that found it [1], this new zero-day (CVE-2017-8759) was used in targeted attacks to install a piece of malware known as FinFisher.

Microsoft Office has been in the line of fire throughout the year with malware distributors employing various social engineering techniques to trick users into opening up booby-trapped documents laced with exploits or macros. Indeed, while drive-by download activity has plummeted, malicious spam has been the dominant threat.

In this blog post, we do a quick review of this latest exploit and how future attackers are likely to add it to their own campaigns.

To read the original article :

Laisser un commentaire

Next Post

Kaspersky Software Ordered Removed From US Gov't Computers

The Trump administration is ordering U.S. federal executive branch agencies to remove anti-virus software from Russian-owned Kaspersky Lab from their computers within 90 days. The Department of Homeland Security, in a statement issued Wednesday, says Kaspersky security products pose a risk to federal information systems because they provide broad access […]