Hackers exploit patched Microsoft Outlook flaw to infect machines

Cyber security experts suggest the attackers originate from the Iranian cyber gang ATP33

outlook app on phone

Cyber criminals are actively exploiting a Microsoft Outlook vulnerability that was patched more than a year-and-a-half ago to infect users' machines with malware.

According to the US Cyber Command, the equivalent of the UK's National Cyber Security Centre (NCSC), attackers are once again maliciously abusing the CVE-2017-11774 flaw with Outlook Home Page. This was first discovered, and patched, in October 2017.

Although the vulnerability was deemed unlikely to be exploited at the time of disclosure, the cyber security organisation is urging Outlook users to patch their systems after noticing a flurry in cyber activity.

The vulnerability centred on Microsoft Outlook improperly handling objects in memory, which could allow an attacker to execute arbitrary commands if successfully exploited. Moreover, in file-sharing scenarios, an attacker could provide a specifically-crafted document designed to exploit the flaw, and convince users to open the file and interact with it.

Patches to mitigate this flaw were issued for Outlook 2010, 2013, 2013 RT, and 2016 across 32-bit and 64-bit systems many months ago, but active exploitation suggests that many users still haven't updated their software.

US Cyber Command has not disclosed any further information. FireEye's senior manager for adversary methods Nick Carr, however, suggested the current wave of attacks bears striking similarities to previous campaigns by the Iranian group APT33.

The cyber security company previously detailed the methods behind the active exploitation of CVE-2017-11774 in December after noticing an uptick in malicious actors' usage of a specific homepage exploitation technique.

Carr also suggested the malware families, Yara rules and hunting methods shared still apply to the cyber gang's current campaign, which has been running from mid-June to the present day.

The continued exploitation of a vulnerability that was patched more than 18 months ago demonstrates the importance of routine patching. Moreover, the risks of a cyber attack are ever-present given Microsoft Outlook used by swathes of organisations.

Featured Resources

Choosing a collaboration platform

Eight questions every IT leader should ask

Download now

Performance benchmark: PostgreSQL/ MongoDB

Helping developers choose a database

Download now

Customer service vs. customer experience

Three-step guide to modern customer experience

Download now

Taking a proactive approach to cyber security

A complete guide to penetration testing

Download now

Recommended

Geico data breach leads to stolen driver’s license numbers
data breaches

Geico data breach leads to stolen driver’s license numbers

21 Apr 2021
UK’s IoT security regulation will also include smartphones
Internet of Things (IoT)

UK’s IoT security regulation will also include smartphones

21 Apr 2021
eBay, Apple, Microsoft, Facebook, and Google were phishers’ top targets in 2020
phishing

eBay, Apple, Microsoft, Facebook, and Google were phishers’ top targets in 2020

20 Apr 2021
HackBoss malware is using Telegram to steal cryptocurrency from other hackers
cryptocurrencies

HackBoss malware is using Telegram to steal cryptocurrency from other hackers

16 Apr 2021

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

8 Apr 2021
Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
REvil threatens to release Apple’s hardware schematics
ransomware

REvil threatens to release Apple’s hardware schematics

21 Apr 2021