Cyber Advisors Business Blog

Researchers Sound Alarm for A Critical 0-Day Threat in Microsoft

Written by Igor Bogachev | Apr 13, 2017 6:53:33 PM

Monday night, researchers sounded the alarm about a critical 0-day threat known as CVE-2017-0199 in Microsoft Word that allowed booby-trapped Dridex phishing attacks to be sent to millions of employees claiming to be a PDF sent to them by their company copier. This one is particularly bad because it bypasses exploit mitigations built into Windows, doesn't require your employee to enable macros, works even against Windows 10 which is Redmond's most secure OS yet, and this exploit works on most or all Windows versions of Word.

Fortunately, on Tuesday Microsoft released its regular batch of security patches - including a fix for this nasty Office zero-day vulnerability CVE-2017-0199 – for the supported versions of Office 2010-2016. It turns out that this wasn't the only thing needed patching. An elevation of privilege vulnerability in Internet Explorer (CVE-2017-0210) that would allow an attacker to convince a user to visit a compromised website was also fixed.

Engineers at Cyber Advisors are directed to push the latest patches to client’s computers, and if anyone has older versions of Microsoft Office (2007 and older), we recommend to upgrade these Office Suites.