Security researchers from Microsoft have warned users that there is a new ongoing spam campaign spreading malicious files.
The warning concerns emails carrying RTF documents that could infect the user with a Trojan. Apart from opening the document, no further interaction is needed for the infection to take place.
Microsoft believes the campaign is targeting European users, given that many of the spam messages were written in European languages.
"In the new campaign, the RTF file downloads and runs multiple scripts of different types (VBScript, PowerShell, PHP, others) to download the payload," the Microsoft Security Intelligence team said.
The good news is that the Trojan’s command and control server is offline at the moment. Still, it may come back online at any time, so extra caution is advised.
So how does one protect him/herself from this vulnerability? Apparently, quite easily. All you need to do (if you haven’t already) is download and install the November 2017 Patch Tuesday security updates.
The vulnerability is tracked as CVE-2017-11882. It is a flaw in older versions of the Equation Editor component, which ships with Office installs and is usually kept for compatibility purposes alongside Microsoft's newer Equation Editor module.
“Office 365 ATP detects the emails and attachments used in this campaign,” Microsoft said in a tweet.
“Windows Defender ATP detects the documents as Exploit:O97M/CVE-2017-11882.AD and the payload as Trojan:MSIL/Cretasker. Other mitigations, like attack surface reduction rules, also block the exploit.”
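Alongside the detections Microsoft lists above, a mail or file-share triage step can flag RTF attachments that embed an object for the legacy Equation Editor. The sketch below is an added example, not code from Microsoft or from the original article; the ProgID prefix `Equation.` is the legacy component's well-known class name rather than something the article states, and both sample documents are constructed and carry no payload.

```python
import re

RTF_MAGIC = b"{\\rt"  # Word also opens files whose header is cut down to "{\rt"
EQUATION_PROGID = b"equation."  # legacy ProgID prefix, e.g. Equation.3 (not named in the article)
CONTROL_WORD = re.compile(rb"\\[a-zA-Z]+-?\d* ?|\\\*")
NON_HEX = re.compile(rb"[^0-9a-fA-F]")

def objdata_blobs(rtf: bytes):
    """Yield the decoded bytes of every \\objdata destination in the document."""
    for match in re.finditer(rb"\\objdata", rtf):
        depth, end = 0, match.end()
        while end < len(rtf):  # walk to the brace closing the \objdata group
            ch = rtf[end:end + 1]
            if ch == b"{":
                depth += 1
            elif ch == b"}":
                if depth == 0:
                    break
                depth -= 1
            end += 1
        raw = rtf[match.end():end]
        # Drop control words and filler (whitespace, braces) splitting the hex stream.
        digits = NON_HEX.sub(b"", CONTROL_WORD.sub(b"", raw))
        yield bytes.fromhex(digits[: len(digits) // 2 * 2].decode("ascii"))

def triage_rtf(data: bytes) -> dict:
    """Report whether an RTF file embeds a legacy Equation Editor OLE object."""
    report = {"is_rtf": data.lstrip().startswith(RTF_MAGIC), "objects": 0, "equation_editor": False}
    if not report["is_rtf"]:
        return report
    # Class name declared in the markup, e.g. {\*\objclass Equation.3}
    if re.search(rb"\\objclass\s+equation\.", data, re.IGNORECASE):
        report["equation_editor"] = True
    for blob in objdata_blobs(data):
        report["objects"] += 1
        if EQUATION_PROGID in blob.lower():  # class name stored inside the object header
            report["equation_editor"] = True
    return report

# Constructed samples: an OLE 1.0 object header naming Equation.3, with no payload.
_HEX = (b"\x01\x05\x00\x00\x02\x00\x00\x00\x0b\x00\x00\x00Equation.3\x00").hex().encode()
SAMPLE_FLAGGED = b"{\\rtf1{\\object\\objemb{\\*\\objdata " + _HEX[:9] + b"\r\n " + _HEX[9:] + b"}}}"
SAMPLE_CLEAN = b"{\\rtf1\\ansi Quarterly report}"

if __name__ == "__main__":
    for name, sample in (("flagged", SAMPLE_FLAGGED), ("clean", SAMPLE_CLEAN)):
        print(name, triage_rtf(sample))
```

A hit only shows that the document hands data to the legacy component; it is a reason to quarantine and inspect the file, not proof of exploitation.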