Enlarge (credit: Stephen Brashear / Getty Images News)
A zero-day code-execution vulnerability in Microsoft Office is one of three critical flaws under active attack in the wild, Microsoft warned Tuesday as it rolled out a batch of updates that plug the security holes.
As Ars reported Monday night, attackers are exploiting the flaw to infect unsuspecting Word users with bank-fraud malware known as Dridex. Blog posts published Tuesday morning by security firms Netskope and FireEye reported that attackers are exploiting the same bug to install malware with the names Godzilla and Latenbot.
Ryan Hanson, a researcher at security firm Optiv and the person Microsoft credited with reporting the critical bug, said exploits can execute malicious code even when a mitigation known as Protected View isn’t disabled. The attacks are able to bypass other exploit mitigations as well. Microsoft’s fix for CVE-2017-0199, as the flaw is indexed, is here.