Microsoft has issued a warning on an ongoing malspam campaign that drops a backdoor trojan by abusing an old MS Office vulnerability. This campaign targets European users with emails written in various European languages.
How does this campaign work?
“An active malware campaign using emails in European languages distributes RTF files that carry the CVE-2017-11882 exploit, which allows attackers to automatically run malicious code without requiring user interaction,” Microsoft Security Intelligence tweeted.
What is the Microsoft Office vulnerability?
The Microsoft Office vulnerability (tracked as CVE-2017-11882) has been patched in November 2017, however, this vulnerability has been exploited ever since. This vulnerability has also been ranked as the third-most exploited vulnerability of 2018.
This vulnerability allows attackers to execute code on users' device without any user interaction.
The good news
However, the good news is that the backdoor trojan’s C&C server has been taken down since Microsoft issued a security alert. However, in order to avoid future exploit, it is wise to patch the vulnerability by updating the November 2017 Patch Tuesday security updates.