world exit download Cross icon Menu icon

The Microsoft Office Memory Corruption Vulnerability (CVE-2017-11882) [1], has been discovered. This vulnerability affects all versions of Microsoft Office. Security researchers have identified a memory corruption vulnerability in the Microsoft Equation Editor (EQNEDT32.EXE) that is used in Microsoft Office 2007 and older. Microsoft Equation Editor is still included in newer versions of Office to allow backward compatibility. An attack exploiting this vulnerability allows arbitrary code to be executed when a document is opened.

 

What you should do about it

  • eSentire highly recommends that Microsoft’s November security patches be deployed after a business impact review is completed.
  • Ensure users are well informed about current threats through awareness programs and training.

 

Additional details

This vulnerability isn’t being exploited in the wild currently, but if it follows the trends of similar vulnerability releases, it is expected with high confidence that it will be targeted in the near future.  For the Microsoft Office Memory Corruption Vulnerability to being successfully exploited, only basic user interaction, such as opening a spam email or clicking on a malicious link, is required. This vulnerability existed for 17 years before discovery; this is a reminder that even long-standing, trusted software can be subject to security flaws.

A full list of affected products and associated security patches is availed at Microsoft’s Security TechCenter page [1].

 

For more information please visit:

[1] https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-11882

See the latest security advisories

Articles and reports written by eSentire staff and our Threat Intelligence Research Group.

Ready to get started?
We're here to help.

Get Started
Reach out to schedule a meeting and learn more about our Managed Detection and Response, Risk Advisory, and Managed Prevention capabilities.