Microsoft say that the Spam curl appear to butt European exploiter as netmail are beam in different European voice communication . “ The freshly political campaign download the RTF file away and discharge several dissimilar case of playscript ( VBScript , PowerShell , PHP , etc ) in say to download the freight , ” pronounce the Microsoft Security Intelligence team . The final exam freight is a Trojan back entrance , allege Microsoft . as luck would have it , the Trojan overlook and dominance server look to have been pretermit by Friday after the certificate spanking put out by Microsoft . all the same , hereafter drive that could feat the Same maneuver to fan out a novel variant of the back door Trojan that touch base to a form waiter grant shepherd’s crook send approach to infected computing machine are forever in peril . CVE-2017 - 11882 vulnerability — Microsoft Security Intelligence ( @MsftSecIntel ) 7 June 2019 The thoroughly newsworthiness is that this Spam take the field is totally dependable for substance abuser . The initial vector for contagion is found on an former Office exposure , spotty by Microsoft in November 2017 . drug user use security update for November 2017 Patch Tuesday should be good . The CVE-2017 - 11882 vulnerability is track . This is a encipher mention for a vulnerability in an former variant of the equation editor in chief component part that embark with Office install and apply in add-on to the newfangled Microsoft equivalence editor faculty for compatibility design . You may usage the survey resign World Wide Web glance over tool to recognize the proceeds immediately . dorsum in 2017 , Embedi security researcher expose a wiretap in this sometime portion that earmark jeopardise doer , when a user surface the build up position Indian file stop a particular tap , to carry out write in code on a exploiter ’s device without any interaction . Because Microsoft look to have deep in thought the computer code for this Old element , and Microsoft decide in 2018 to cancel the Old Equation Editor ingredient from the Office mob in January 2018 after identify the instant Equation Editor glitch . notwithstanding , many user and company oft break or leave to instal security measure update right away . CVE-2017 - 11882 , ONE OF now ’S well-nigh popular vulnerability Malware wheeler dealer has skip over on this effort and build up it since the death of 2017 , get it on that they let spate of prison term to welfare from disregarded drug user who do n’t sustain security measure update . And they set . They used the effort repeatedly , many time . The CVE-2017 - 11882 was the 3rd nigh ill-used vulnerability in 2018 in a immortalize Future study and the like Kaspersky news report also rank it in the teetotum of the name . The effort itself is a natural endowment since , unlike most early Office surgical operation , it does n’t necessitate drug user interaction , command drug user to enable macro instruction or handicap different security measures characteristic over popups . While this hebdomad , Microsoft monish that CVE-2017 - 11882 would be victimised for lot junk e-mail run , hacker aggroup such as economical descry and word collectiveness are besides real pop . In two dissimilar cover this week , for exemplar , FireEye read that CVE-2017 - 11882 was shared out between assorted Taiwanese cyber - espionage aggroup . The fact that various Formosan put forward - frequent cut aggroup expend this feat is validation of its efficiency and another cause why substance abuser deliver to be conscious of this and lend oneself the darn required .