Highlights and Updates

Patched Word Flaw Used by Governments and Criminals

Friday, 21st April 2017

One of the vulnerabilities fixed in Microsoft's Patch Tuesday for April has been used by both governments and criminals. 

The flaw in Microsoft Word lies in Windows' Object Linking and Embedding (OLE) function. 

Criminals have been exploiting the vulnerability to spread Dridex banking malware. 

The vulnerability has also been exploited by governments to conduct espionage.

Read more in:

ZDNet: Recently patched Microsoft Word exploit was used by both governments and criminal hackers http://www.zdnet.com/article/recently-patched-microsoft-word-bug-was-exploited-for-surveillance-and-espionage/

The Hill: Report: Microsoft Word flaw was used in both espionage, crime since January http://thehill.com/policy/cybersecurity/328437-report-microsoft-word-flaw-used-in-espionage-crime-since-january

CyberScoop: Millions hit with banking malware using new Microsoft Word zero day https://www.cyberscoop.com/millions-hit-banking-malware-using-new-microsoft-word-zero-day/