This post is worthy of a BOLO. Fixed earlier this month in the Patch Tuesday updates is a bug that has existed in all versions of Microsoft Office. This bug, CVE-2017-11882, exists in the Equation Editor, which allows users to enter mathematical formulas in Office documents. These formulas exist as OLE (Object Linking and Embedding) objects, which can be exploited via a buffer overflow to allow Remote Code Execution (RCE).
Infection occurs without any clicks, warnings, or anything else. Just open the Office document (it can be any kind – Word, Excel, PowerPoint, Access, etc.) and you’re infected. It is not pretty.
Bleeping Computer has a nice write-up about this bug here:
https://www.bleepingcomputer.com/news/security/office-equation-editor-security-bug-runs-malicious-code-without-user-interaction/
The really bad news is that active exploits are being distributed like crazy, particularly by a threat actor known as “Cobalt”. Again, Bleeping Computer talks about this here.
If you haven’t yet installed this month’s Patch Tuesday (11/14/2017) Windows Updates, update now! As always, do not open Office documents sent from third parties. Make sure that you verbally contact the sender to confirm trust.
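For triage on machines that are not yet patched, the following is an added example (not from the original post or from Microsoft) that lists Equation Editor OLE object references inside OOXML files such as .docx, .xlsx and .pptx. The ProgID `Equation.3`, the function names and the sample package are assumptions or constructed for the demo; RTF and legacy binary formats are not covered.

```python
import io
import re
import zipfile

EQUATION_PROGID = "equation.3"   # assumed ProgID of legacy Equation Editor objects
MAX_PART = 20 * 1024 * 1024      # skip oversized parts (zip-bomb guard)
# Word writes ProgID="...", Excel and PowerPoint write progId="..."
_PROGID_RE = re.compile(rb'progid\s*=\s*"([^"]*)"', re.IGNORECASE)

def find_equation_objects(data: bytes) -> list:
    """Return (part_name, prog_id) for each Equation Editor OLE reference
    in the XML parts of an OOXML package (.docx, .xlsx, .pptx)."""
    hits = []
    try:
        pkg = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits  # RTF and legacy binary formats are out of scope here
    with pkg:
        for info in pkg.infolist():
            if not info.filename.lower().endswith(".xml") or info.file_size > MAX_PART:
                continue
            for m in _PROGID_RE.finditer(pkg.read(info)):
                prog_id = m.group(1).decode("ascii", "replace")
                if prog_id.lower() == EQUATION_PROGID:
                    hits.append((info.filename, prog_id))
    return hits

def build_sample(with_equation: bool) -> bytes:
    """Constructed minimal package for the demo; not a real Office document."""
    ole = '<o:OLEObject Type="Embed" ProgID="Equation.3" r:id="rId5"/>'
    body = "<w:document><w:body>%s</w:body></w:document>" % (ole if with_equation else "")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", body)
    return buf.getvalue()

if __name__ == "__main__":
    # A hit means the file embeds an equation object, not that it is malicious;
    # it marks the file for closer inspection on unpatched hosts.
    for label, sample in (("equation", build_sample(True)), ("plain", build_sample(False))):
        print(label, find_equation_objects(sample))
```

To scan a real file, pass its bytes to `find_equation_objects`, for example from `open(path, "rb").read()`.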
Long Live the “SneakerNet”