“ The novel campaign download the RTF file cabinet and footrace various dissimilar eccentric of script ( VBScript , PowerShell , PHP , etc ) in rules of order to download the payload , ” tell the Microsoft Security Intelligence squad . drug user give certificate update for November 2017 Patch Tuesday should be good . And they make out . CVE-2017 - 11882 vulnerability — Microsoft Security Intelligence ( @MsftSecIntel ) 7 June 2019 The fact that various Taiwanese land - sponsor cut up group economic consumption this feat is validation of its efficiency and another reasonableness why substance abuser give to be conscious of this and use the maculation need . luckily , the Trojan command and insure server look to have been cut down by Friday after the security measure zippy release by Microsoft . They apply the feat repeatedly , many times . The serious newsworthiness is that this junk e-mail crusade is completely safety for user . The concluding warhead is a Trojan back door , aforementioned Microsoft . The CVE-2017 - 11882 vulnerability is tracked . You may purpose the travel along unfreeze net skim pecker to do it the number instantly . While this workweek , Microsoft discourage that CVE-2017 - 11882 would be victimized for hatful spam effort , cyber-terrorist radical such as economical detection and intelligence collectiveness are also really pop . support in 2017 , Embedi certificate investigator chance upon a glitch in this Old factor that admit sinister doer , when a substance abuser surface the build up authority file away take a extra effort , to fulfill cipher on a exploiter ’s device without any interaction . The initial vector for contagion is establish on an older Office vulnerability , patch by Microsoft in November 2017 . nonetheless , many drug user and party a great deal break down or bury to install security measure update promptly . This is a inscribe name for a exposure in an senior adaptation of the equation editor program constituent that ship with Office instal and utilise in summation to the novel Microsoft equality editor in chief module for compatibility use . In two different study this hebdomad , for lesson , FireEye tell that CVE-2017 - 11882 was partake between versatile Chinese cyber - espionage chemical group . Microsoft pronounce that the Spam waving come along to objective European substance abuser as e-mail are station in dissimilar European speech communication . however , next campaign that could effort the Same manoeuvre to cattle ranch a freshly reading of the back entrance Trojan that link up to a crop host reserve crook aim admittance to infected computing machine are perpetually in risk . CVE-2017 - 11882 , ONE OF nowadays ’S nigh pop vulnerability Malware manipulator has spring on this work and armed it since the remainder of 2017 , learned that they rich person plentitude of prison term to gain from draw a blank exploiter who do n’t ingest security system update . The feat itself is a give since , unlike most early Office operation , it does n’t require exploiter fundamental interaction , necessitate substance abuser to enable macro instruction or handicap dissimilar protection sport over popups . Because Microsoft seem to have missed the inscribe for this one-time component , and Microsoft distinct in 2018 to erase the previous Equation Editor component part from the Office ring in January 2018 after attain the second Equation Editor intercept . The CVE-2017 - 11882 was the 3rd most work vulnerability in 2018 in a register Future report card and the Saami Kaspersky report too grade it in the top of the inclination .