Microsoft released a security update for a flaw in the OLE API that affects most versions of Microsoft Word. Microsoft today patched a critcial zero-day vulnerability in Microsoft Office/WordPad that attackers had been exploiting in the wild for months. CVE-2017-0199 is a remote code execution vulnerability in the Windows Object Linking and Embedding (OLE) application programming interface. The vulnerability already had been weaponized in attacks to distribute the Dridex banking Trojan, as a botnet payload, and in a cyber espionage campaign.
View full story
ORIGINAL SOURCE: Dark Reading