Happy Friday,
It's code red at Microsoft. An advisory was posted this week that warns of an unpatched zero-day in multiple Microsoft Office products that was found to be actively exploited in the wild.
A zero day vulnerability means that bad guys have found a way into a software program, system or device in a way that the manufacturer cannot defend against. Think of it like a tidal wave heading toward shore - there's no stopping it. In this case, an attacker could create a specially crafted Microsoft Office document that if the victim opens up, gives the bad actor backdoor access to their computer.
The Takeaway
Microsoft is currently working to address the vulnerability which will be released at the upcoming August Patch Tuesday event, which occurs on the second Tuesday of each month at about 10am PST.
Until then be sure that your employees are trained and know not to open any unexpected Word, Excel, Powerpoint or OneNote email attachments.
Tip: Read through the email content before opening ANY attachment, read the subject line and check for typos and other errors. If the sender appears legitimate, but the content of the email does not seem like something they would send, it could be fake. Report the email to your IT department and delete it.
Stay safe out there.
-Attila
ChatGPT's joke for today on the topic of email attachments:
Knock, knock. Who's there? An e-mail attachment. An e-mail attachment who?
I now own your computer.
Comments