Recently we reported about a critical code execution vulnerability in Microsoft Word that was being exploited in the wild by cyber criminal groups to distribute malware like Dridex banking trojans and Latentbot.
Now, it turns out that the same previously undisclosed vulnerability in Word (CVE-2017-0199) was also actively being exploited by the government-sponsored hackers to spy on Russian
Besides a previously undisclosed code-execution flaw in Microsoft Word, the tech giant patches two more zero-day vulnerabilities that attackers had been exploiting in the wild for months, as part of this month’s Patch Tuesday.
In total, Microsoft patches 45 unique vulnerabilities in its nine products, including three previously undisclosed vulnerabilities under active attack.
The first
A Microsoft Word zero-day vulnerability is being used to spread the Dridex banking Trojan in attacks that have bypassed mitigation efforts.
If you are a regular reader of The Hacker News, you might be aware of an ongoing cyber attack — detected in the wild by McAfee and FireEye — that silently installs malware on fully-patched computers by exploiting an unpatched Microsoft Word vulnerability in all current versions of Microsoft Office.
Now, according to security firm Proofpoint, the operators of the Dridex malware started
It’s 2017, and opening a simple MS Word file could compromise your system.
Security researchers are warning of a new in-the-wild attack that silently installs malware on fully-patched computers by exploiting a serious — and yet unpatched — zero-day vulnerability in all current versions of Microsoft Office on fully-patched PCs.
The Microsoft Office zero-day attack, uncovered by researchers
