Microsoft released a security update for a flaw in the OLE API that affects most versions of Microsoft Word. Microsoft today patched a critcial zero-day vulnerability in Microsoft Office/WordPad that attackers had been exploiting in the wild for months. CVE-2017-0199 is a remote code execution vulnerability in the Windows Object Linking and Embedding (OLE) application programming interface. The vulnerability already had been weaponized in attacks to distribute the Dridex banking Trojan, as a botnet payload, and in a cyber espionage campaign.
ORIGINAL SOURCE: Dark Reading
The post Microsoft Office Zero-Day Patched After Months of Attacks appeared first on IT SECURITY GURU.
from Microsoft Office Zero-Day Patched After Months of Attacks