Microsoft on Tuesday patched a 17-year-old remote code execution bug found in an Office executable called Microsoft Equation Editor. The vulnerability (CVE-2017-11882) was patched as part of Microsoft’s November Patch Tuesday release of 53 fixes. While Microsoft rates the vulnerability only as “Important” in severity, researchers at Embedi, who found the bug, call it “extremely dangerous.”

[...] .NET called CVE-2017-8759, which surfaces when you use Word - but you need to use Word in a specific, unusual way. If you (or your users) jump through the right hoops, there’s a chance your machine will acquire a snooping program known, variously, as Finspy, Wingbird and FinFisher.

FireEye, which discovered the security hole, says “we assess with moderate confidence that this malicious document was used by a nation-state to target a Russian-speaking entity for cyber espionage purposes.”

Microsoft says its “telemetry revealed very limited usage of this zero-day exploit.” It goes on to say “the adversary involved in this operation could be linked to the NEODYMIUM group,” which is a group Microsoft has long identified as being interested in “campaigns simply to gather information about certain individuals.”

So if you’re protecting cyber-espionage-worthy launch codes, federal indictments, or secret interview tapes, for or from Russian speakers, you should take notice.

The weird infection vector should give you pause. First, the bad guys have to get you to click on an RTF file, typically attached to an email. Second, the RTF file has to open in Word - savvy security folks set things up so RTF files open with the Word Viewer, or some other program, because RTF has been subverted so many times. (RTF is an ancient formatted document file specification.) Then, once you’ve opened the nasty RTF file using Word, you have to click the button at the top of the Word screen that says “Enable Editing.” That button overrides Word’s “Protected view” mode. (You can disable Protected view using a Group Policy, but that’s unusual.) Only with Protected view turned off will the bad RTF file do the dirty deed.

So, to get infected, you have to use Word to open an RTF file attached to an email (the only identified sample in the wild is called Проект.doc), and then you have to click on Enable Editing.

If you want to block Проект.doc and its ilk, Microsoft has a list of a hundred-or-so patches that you should consider for immediate installation. For most of us, I think it’s a good idea to sit tight and see what the unpaid beta testers say about this month’s Patch Tuesday patches. I’ll be posting updates as they occur on the AskWoody blog.
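The two Word settings the infection chain above hinges on (whether Protected View is still on for attachments, and which program actually opens RTF files) can be audited from PowerShell. This is an added example, not code from the article or from Microsoft; the registry paths and value names are assumed from the Office policy templates for Office 2016 (the `16.0` path segment), and a value of 1 in any `Disable*InPV` entry is assumed to mean Protected View is switched off for that source.

```powershell
# Added example (not from the article). Assumed paths: Office 2016 = 16.0;
# use 15.0 for Office 2013 or 14.0 for Office 2010.

function Get-WordProtectedViewState {
    # The Group Policy key overrides the per-user key, so report both.
    $paths = @(
        'HKCU:\Software\Policies\Microsoft\Office\16.0\Word\Security\ProtectedView',
        'HKCU:\Software\Microsoft\Office\16.0\Word\Security\ProtectedView'
    )
    # Assumed: a DWORD of 1 here disables Protected View for that file source.
    $names = 'DisableAttachmentsInPV', 'DisableInternetFilesInPV', 'DisableUnsafeLocationsInPV'
    foreach ($path in $paths) {
        if (-not (Test-Path $path)) { continue }
        $props = Get-ItemProperty -Path $path
        foreach ($n in $names) {
            $v = $props.$n
            [pscustomobject]@{
                Source   = $path
                Setting  = $n
                Value    = $v
                PVActive = ($null -eq $v -or $v -ne 1)   # absent or 0 = still protected
            }
        }
    }
}

function Get-RtfHandler {
    # Explorer's per-user choice wins over the machine-wide ProgID for .rtf.
    $userChoice = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rtf\UserChoice'
    $progId = if (Test-Path $userChoice) {
        (Get-ItemProperty $userChoice).ProgId
    } else {
        (Get-ItemProperty 'Registry::HKEY_CLASSES_ROOT\.rtf').'(default)'
    }
    $cmdKey = "Registry::HKEY_CLASSES_ROOT\$progId\shell\open\command"
    $cmd = if (Test-Path $cmdKey) { (Get-ItemProperty $cmdKey).'(default)' }
    [pscustomobject]@{
        ProgId      = $progId
        OpenCommand = $cmd
        OpensInWord = ($cmd -match 'WINWORD\.EXE')   # the article's risky case
    }
}

Get-WordProtectedViewState | Format-Table -AutoSize
Get-RtfHandler
```

Any row with `PVActive` false, or `OpensInWord` true, is a host where the article's "open the RTF, click Enable Editing" path is shorter than it should be.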