Microsoft has issued a critical patch for a vulnerability affecting Microsoft Office and WordPad. The vulnerability allows Rich Text Format (RTF) documents to run scripts when opened. Malicious email campaigns using this vulnerability to install the Dridex banking trojan and other malware have been reported.

 

Recommended Actions:

  • Apply the relevant Microsoft patches as soon as possible to all Windows machines.
  • Do not open attached documents from unknown sources.

 

Additional Details:

  • It has been reported that having Protected View enabled in MS Office prevents the exploits from working. However, there are known bypasses, so Protected View should not be relied upon as adequate mitigation.
  • The vulnerability does not affect Microsoft Office on Mac OS X.

 

References:

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-0199
