Researchers Sound Alarm for A Critical 0-Day Threat in Microsoft

Posted by Igor Bogachev on Apr 13, 2017 1:53:33 PM

Monday night, researchers sounded the alarm about a critical 0-day threat known as CVE-2017-0199 in Microsoft Word that allowed booby-trapped Dridex phishing attacks to be sent to millions of employees claiming to be a PDF sent to them by their company copier. This one is particularly bad because it bypasses exploit mitigations built into Windows, doesn't require your employee to enable macros, works even against Windows 10 which is Redmond's most secure OS yet, and this exploit works on most or all Windows versions of Word.

Fortunately, on Tuesday Microsoft released its regular batch of security patches - including a fix for this nasty Office zero-day vulnerability CVE-2017-0199 – for the supported versions of Office 2010-2016. It turns out that this wasn't the only thing needed patching. An elevation of privilege vulnerability in Internet Explorer (CVE-2017-0210) that would allow an attacker to convince a user to visit a compromised website was also fixed.

Engineers at Cyber Advisors are directed to push the latest patches to client’s computers, and if anyone has older versions of Microsoft Office (2007 and older), we recommend to upgrade these Office Suites.

Topics: Education

About this blog

Welcome to the Cyber Advisors Blog.  Please take a moment to read through our content.  If you would like more information on any of these topics, simply reach out to us via contact information below.  If you find our content valuable, please subscribe.  

 

 
 
Would you like to hear from us? Click Below!
Learn More

Subscribe Here!

Recent Posts

Posts by Tag

See all