
Security advisories | Feb 26, 2019

CVE-2017-0199 Remote Code Execution Vulnerability in Microsoft Office/WordPad

Microsoft has issued a critical patch for a vulnerability affecting Microsoft Office and WordPad. The vulnerability allows Rich Text Format (RTF) documents to run scripts when opened. Malicious email campaigns using this vulnerability to install the Dridex banking trojan and other malware have been reported.

Recommended Actions:

  • Apply the relevant Microsoft patches as soon as possible to all Windows machines.
  • Do not open attached documents from unknown sources.

Additional Details:

  • It has been reported that having Protected View enabled in MS Office prevents the exploits from working. However, there are known bypasses, so Protected View should not be relied upon as adequate mitigation.
  • The vulnerability does not affect Microsoft Office on Mac OS X.