US Cyber Command issues alert about hackers exploiting Outlook vulnerability


US Cyber Command has issued an alert via Twitter today about threat actors abusing an Outlook vulnerability to plant malware on government networks.

The vulnerability is CVE-2017-11774, a security bug that Microsoft patched in Outlook in the October 2017 Patch Tuesday.

The Outlook bug, discovered and detailed by security researchers from SensePost, allows a threat actor to escape from the Outlook sandbox and run malicious code on the underlying operating system.

Read more…
Source: ZDNet