NCC Group is currently aware of a zero-day vulnerability in Microsoft Office that is being exploited in the wild against Office users by a number of threat actors, including organised criminal gangs.
NCC Group has identified various samples exploiting this issue from as far back as 2016.
NCC Group’s technical analysis of the vulnerability is available at: https://github.com/nccgroup/Cyber-Defence/blob/master/Technical%20Notes/Office%20zero-day%20(April%202017)/2017-04%20Office%20OLE2Link%20zero-day%20v0.4.pdf
While the issue remains unpatched, the NCC Group Cyber Defence Operations team has released a Suricata IDS signature covering the download element of the exploit (the stage in which the document retrieves its payload from a remote server): https://github.com/nccgroup/Cyber-Defence/blob/master/Signatures/suricata/april2017_ole2link_0day.txt
For more information, contact cirt@nccgroup.trust.
Written by Cyber Defence Operations Team
First published on 11 April 2017