• Home
  • Apps
  • Apps News
  • Microsoft Warns of Fresh Email Spam Campaign Exploiting Old Office Vulnerability

Microsoft Warns of Fresh Email Spam Campaign Exploiting Old Office Vulnerability

It's an old, yet reliable exploit targeted at European users right now.

Share on Facebook Tweet Share Reddit Comment
Microsoft Warns of Fresh Email Spam Campaign Exploiting Old Office Vulnerability

Photo Credit: Twitter/ Microsoft

Highlights
  • Hackers are again exploiting an old Office vulnerability, says Microsoft
  • The malicious file can infect a user's system when they just open a file
  • Microsoft is asking users to update their systems, if they haven't

Microsoft issued a warning on Friday regarding a spam campaign that seems to abuse a security vulnerability in its productivity suite - Office. The campaign involves sending malicious documents that can infect users when they simply open the attached RTF document. As of now, the spam campaign is targeting European users. Microsoft's Security Intelligence account made the announcement in a series of tweets on Friday afternoon.

According to Microsoft's security researchers, the ongoing spam campaign includes RTF documents that exploit the Microsoft Office and Wordpad CVE-2017-11882 vulnerability. Users can be infected by simply opening the attached document.

 

 

The CVE-2017-11882 vulnerability enables RTF and Word documents to execute commands right when they're opened. The vulnerability was patched back in 2017, but Microsoft claims the company still sees the exploit being used in spam campaigns which have increased in the last several weeks. Microsoft is recommending users to apply security updates.

Microsoft said that when a user opens an infected attachment, the file will try to execute a number of scripts written in VBScript, PowerShell, PHP, and others to download the 'payload'. These scripts are generally downloaded from a Pastebin repository.

According to Microsoft, the 'payload' that's download on an infected user's system is an executable backdoor trojan, programmed to connect to a malicious domain. Microsoft is asking all Windows users to install the security update for this vulnerability as soon as possible.

The malicious domain has been taken down, but Microsoft says there's always a possible risk of future campaigns that may use a similar tactic to exploit the vulnerability.

In case you've already applied the November 2017 patch, you're already protected from this vulnerability. This exploit has been used several times, in an effort to target users who may have forgotten to install the software update.

Comments

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and subscribe to our YouTube channel.

Further reading: Microsoft, Microsoft Office, Security
Harpreet Singh Harpreet is the community manager at Gadgets 360. He loves all things tech, and can be found hunting for good deals when he’s not shopping online. More
Samsung Galaxy M40 Confirmed to Have 6GB RAM, Listing on Android Portal Hints at Dedicated Bixby Button
 
 

Advertisement

 

Advertisement

© Copyright Red Pixels Ventures Limited 2019. All rights reserved.