Over the past few days, cyber criminals have exploited a zero day Office vulnerability in their malicious email campaigns. The attack arrives as an email with an attachment that looks like a Word document (but it’s really an RTF document). If you open this malicious document, it loads a banking trojan onto your computer. The good news is Microsoft just released their monthly patches, including one that fixes this vulnerability. Watch today’s video to learn more about this zero day flaw and Microsoft (and Adobe’s) patches.
Episode Runtime: 4:14
Direct YouTube Link: https://www.youtube.com/watch?v=KXqY6EXh65k
EPISODE REFERENCES:
- New email attack campaign exploit Office zero day flaw – Ars Technica
- Original researchers post on new Office zero day – McAfee
- Zero day email campaign is spreading banking malware – Ars Technica
- The Office zero day is only one of three being exploited – Ars Technica
- Microsoft’s Security Guidance page for April Patch Day – Microsoft
- Release notes for Microsoft April 2017 Patch Day – Microsoft
- Nice summary of Microsoft Patch Day – Qualys
- Adobe security page summarizing April Patch Day – Adobe
Corey Nachreiner, CISSP (@SecAdept)
Leave a Reply