Igor Bogachev 04/13/2017
1 Minutes

Monday night, researchers sounded the alarm about a critical 0-day threat known as CVE-2017-0199 in Microsoft Word that allowed booby-trapped Dridex phishing attacks to be sent to millions of employees claiming to be a PDF sent to them by their company copier. This one is particularly bad because it bypasses exploit mitigations built into Windows, doesn't require your employee to enable macros, works even against Windows 10 which is Redmond's most secure OS yet, and this exploit works on most or all Windows versions of Word.

Fortunately, on Tuesday Microsoft released its regular batch of security patches - including a fix for this nasty Office zero-day vulnerability CVE-2017-0199 – for the supported versions of Office 2010-2016. It turns out that this wasn't the only thing needed patching. An elevation of privilege vulnerability in Internet Explorer (CVE-2017-0210) that would allow an attacker to convince a user to visit a compromised website was also fixed.

Engineers at Cyber Advisors are directed to push the latest patches to client’s computers, and if anyone has older versions of Microsoft Office (2007 and older), we recommend to upgrade these Office Suites.

Related Posts

It is a long established fact that a reader will be distracted by the readable content of a page when looking at its layout.

Cole Goebel 26 March, 2024

Why Your Cybersecurity's Biggest Risk Likes Coffee Breaks: The Human Element

Discover how the human element can be the biggest threat to cybersecurity and how tools like…

Matt Kanaskie 16 January, 2024

Minnesota’s Whole of State Cyber Security Plan

The state of Minnesota has delivered, alongside some bitter cold, a new initiative aimed at helping…