The final payload is a backdoor trojan, Microsoft said. Fortunately, the trojan's command and control server appeared to be down by Friday, after the security alert issued by Microsoft. However, future campaigns that exploit the same tactic to spread a new version of the backdoor trojan, one that connects to a working server and gives criminals direct access to infected computers, are always a danger. (Microsoft Security Intelligence, @MsftSecIntel, 7 June 2019, on the CVE-2017-11882 vulnerability.)

The good news is that users can be entirely safe from this spam campaign. Users who applied the November 2017 Patch Tuesday security updates should be safe.

CVE-2017-11882, one of today's most popular vulnerabilities

Back in 2017, Embedi security researchers discovered a bug in this old component that let threat actors execute code on a user's device, without any interaction, when the user opened a weaponized Office file containing a special exploit. Because Microsoft appeared to have lost the source code for this old component, and after learning of a second Equation Editor bug, Microsoft decided to remove the old Equation Editor component from the Office pack in January 2018.

However, many users and companies often fail or forget to install security updates quickly. Malware operators have jumped on this exploit and have weaponized it since the end of 2017, knowing that they have plenty of time to benefit from users who don't install security updates. And they did. They used the exploit repeatedly, many times. CVE-2017-11882 was the third most exploited vulnerability of 2018 in a Recorded Future report, and a similar Kaspersky report also ranked it at the top of its list.
Microsoft said that the spam wave appears to target European users, as the emails are sent in different European languages. "The new campaign downloads the RTF file and runs several different types of scripts (VBScript, PowerShell, PHP, etc.) in order to download the payload," said the Microsoft Security Intelligence team. The initial infection vector is based on an old Office vulnerability, patched by Microsoft in November 2017.

The vulnerability is tracked as CVE-2017-11882. This is a codename for a vulnerability in an old version of the Equation Editor component that ships with Office installs and is used, for compatibility purposes, in addition to the newer Microsoft Equation Editor module.

The exploit itself is a gift since, unlike most other Office exploits, it doesn't need user interaction, such as requiring users to enable macros or disable different security features via popups. While Microsoft warned this week that CVE-2017-11882 was being used for mass spam campaigns, the exploit is also very popular with hacker groups engaged in activities such as economic espionage and intelligence gathering. In two different reports this week, for example, FireEye said that CVE-2017-11882 was shared between various Chinese cyber-espionage groups. The fact that several Chinese state-sponsored hacking groups employ this exploit is proof of its efficiency and another reason why users have to be aware of it and apply the necessary patches.