Friday, September 22, 2023


CVE-2017-11882: five years of exploitation


We constantly emphasize how important it is to promptly install patches for the software most often exploited in cyberattacks: operating systems, browsers and office applications. Here is a good illustration: according to our statistics on the vulnerabilities most commonly exploited in attacks on our customers, CVE-2017-11882 in Microsoft Office is still quite popular among cybercriminals. And that is despite the fact that the update fixing this vulnerability was released back in November 2017! Such lasting popularity of CVE-2017-11882 can only mean that someone has not installed patches for Microsoft Office for more than five years.

What is the CVE-2017-11882 vulnerability?

CVE-2017-11882 is an RCE (remote code execution) vulnerability in the Equation Editor component of Microsoft Office, and it is associated with a failure to properly handle objects in memory. To exploit the vulnerability, an attacker must create a malicious file and somehow convince the victim to open it. Most often, such a file is sent by e-mail or hosted on a compromised site.

Successful exploitation of CVE-2017-11882 allows an attacker to execute arbitrary code with the privileges of the user who opened the malicious file. Thus, if the victim has administrator rights, the attacker will be able to take full control of the system: install programs; view, modify or destroy data; and even create new accounts.

At the end of 2017, when information about the vulnerability was first published, there were no attempts to exploit it. But in under a week, a proof of concept (PoC) appeared on the Internet, and attacks using CVE-2017-11882 began over the next few days.


In 2018, it became one of the most exploited vulnerabilities in Microsoft Office. In 2020, during the Covid-19 pandemic, CVE-2017-11882 was actively used in malicious mailings that exploited the topic of deliveries disrupted by medical restrictions. And now, in 2023, this vulnerability apparently still serves attackers’ purposes!

How to stay safe

Of course, CVE-2017-11882 is not the only vulnerability that has been used in attacks for many years, and it is not even the most dangerous of them. It is surprising, however, that despite how well known it is (quite a lot was written about it back in 2017), and despite the availability of updates and more recent versions of MS Office, someone is still using vulnerable versions of the office suite.


So, first of all, we recommend that all companies using Microsoft Office make sure they are working with a patched version of the suite. It is also a good idea to monitor new security patch releases and install them promptly. The rest of the advice is pretty standard:

  • avoid working with office documents with administrator rights;
  • do not open documents sent by unknown persons and for unknown reasons;
  • use security solutions that can stop the exploitation of vulnerabilities.
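
As a complement to the advice above, here is an added example (not part of the original article): a Python triage check that flags RTF, legacy OLE and OOXML documents embedding an Equation Editor 3.0 object, the component affected by CVE-2017-11882. The ProgID, CLSID and stream name are the component's well-known identifiers; the function names, size cap and sample bytes are constructed for illustration, and a hit means "inspect this file", not "this file is malicious".

```python
import io
import uuid
import zipfile

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")    # OLE compound file header
PROGID = b"Equation.3"                           # Equation Editor 3.0 ProgID
CLSID = uuid.UUID("0002CE02-0000-0000-C000-000000000046").bytes_le  # CLSID as stored in OLE
NATIVE = "Equation Native".encode("utf-16-le")   # OLE stream that holds the equation data
MAX_MEMBER = 20 * 1024 * 1024                    # assumption: skip larger archive members

def equation_editor_indicators(data: bytes, depth: int = 0) -> set:
    """Return the names of Equation Editor markers found in one document's bytes."""
    hits = set()
    if data.lstrip()[:4] == b"{\\rt":                        # RTF document
        lowered = data.lower()
        if PROGID.lower() in lowered:
            hits.add("rtf-objclass")
        # \objdata is hex text that may be broken up by whitespace: compare the packed form
        if PROGID.hex().encode() in lowered.translate(None, b" \t\r\n"):
            hits.add("rtf-objdata")
    elif data.startswith(OLE_MAGIC):                         # legacy .doc/.xls/.ppt or embedded object
        # Directory entries never straddle sectors, so a raw byte search finds them
        if CLSID in data:
            hits.add("ole-clsid")
        if NATIVE in data:
            hits.add("ole-native-stream")
    elif depth < 2 and zipfile.is_zipfile(io.BytesIO(data)): # OOXML (.docx/.xlsx/.pptx)
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.file_size <= MAX_MEMBER:
                    hits |= equation_editor_indicators(zf.read(info), depth + 1)
    return hits

def constructed_samples() -> dict:
    """Constructed, payload-free byte strings that carry only the markers."""
    rtf = b"{\\rtf1{\\object\\objemb{\\*\\objclass Equation.3}{\\*\\objdata 4571 7561\n74696F6E2E33}}}"
    ole = OLE_MAGIC + b"\0" * 504 + NATIVE + b"\0" * 50 + CLSID
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/embeddings/oleObject1.bin", ole)
    return {"rtf": rtf, "doc": ole, "docx": buf.getvalue(),
            "clean": b"{\\rtf1 Quarterly report}"}

if __name__ == "__main__":
    for name, blob in constructed_samples().items():
        print(name, sorted(equation_editor_indicators(blob)) or "no indicators")
```

Documents that contain legitimate old equations will also match, and the absence of a hit proves nothing about a file, so this belongs alongside patching and endpoint protection rather than in place of them.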

Kaspersky Endpoint Security for Business detects and blocks exploitation attempts of all known vulnerabilities (including this one), as well as yet undiscovered ones.
