Microsoft warns users about email security scam

News
By published

Yet another reason to keep your software updated

Image credit: Pixabay (Image credit: Image Credit: Geralt / Pixabay)

Security researchers at Microsoft have issued a warning concerning an ongoing spam wave which utilizes malicious RTF documents to infect users' systems with malware.

According to the company, the spam wave is specifically targeting European users as the emails are sent in various European languages. The Microsoft Security Intelligence team explained how the campaign worked, saying:

"In the new campaign, the RTF file downloads and runs multiple scripts of different types (VBScript, PowerShell, PHP, others) to download the payload."

The final payload is a backdoor trojan whose command and control servers went offline around the same time Microsoft issued its warning on the campaign. 

Equation Editor vulnerability

As the initial infection vector relies on an older Office vulnerability, users can be completely safe from this spam campaign by updating their software as Microsoft patched the vulnerability back in November of 2017.

The vulnerability is referred to as CVE-2017-11882 and is a codename for a vulnerability in an older version of the Equation Editor component included with Office. Security researchers from Embedi discovered a bug in this older component back in 2017 that allowed hackers to execute code on a user's device after they opened a weaponized Office file containing a special exploit.

Once a second Equation Editor bug was discovered in 2018, Microsoft decided to completely remove the older Equation Editor component from Office. However, as organizations and individuals often fail or forget to install software updates, cybercriminals were still able to exploit the vulnerability even after the company released an update that would mitigate the issue.

According to a report from Recorded Future as well as one from Kaspersky Lab, the CVE-2017-11882 vulnerability was one of the top exploited vulnerabilities of 2018 as hackers continued to prey on users that had yet to update their software.

Via ZDNet

Anthony Spadafora
Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Latest in Security
Isometric demonstrating multi-factor authentication using a mobile device.
NCSC gets influencers to sing the praises of 2FA
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Dangerous new CoffeeLoader malware executes on your GPU to get past security tools
China
Notorious Chinese hackers FamousSparrow allegedly target US financial firms
A digital representation of a lock
NYU website defaced as hacker leaks info on a million students
NHS
NHS IT supplier hit with major fine following ransomware attack
Businessman holding a magnifier and searching for a hacker within a business team.
Cloud streaming hoster StreamElements confirms data breach following attack
Latest in News
Three angles of the Apple MacBook Air 15-inch M4 laptop above a desk
Apple MacBook Air 15-inch (M4) review roundup – should you buy Apple's new lightweight laptop?
Witchbrook
Witchbrook, the life-sim I've been waiting years for, finally has a release window and it's sooner than you think
Amazon Echo Smart Speaker
Amazon is experimenting with renaming Echo speakers to Alexa Devices, and it's about time
Shigeru Miyamoto presents Nintendo Today app
Nintendo Today smartphone app is out now on iOS and Android devices – and here's what it does
Nintendo Virtual Game Card
Nintendo reveals the new Virtual Game Card feature, an easier way to manage your digital Switch games
Isometric demonstrating multi-factor authentication using a mobile device.
NCSC gets influencers to sing the praises of 2FA
More about security
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.

Dangerous new CoffeeLoader malware executes on your GPU to get past security tools
Isometric demonstrating multi-factor authentication using a mobile device.

NCSC gets influencers to sing the praises of 2FA
Amazon Big Spring Sale 2025 tech deals

I'm an Amazon shopping expert – here are the best tech deals I recommend in its Big Spring Sale
See more latest
Most Popular
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Dangerous new CoffeeLoader malware executes on your GPU to get past security tools
Amazon Echo Smart Speaker
Amazon is experimenting with renaming Echo speakers to Alexa Devices, and it's about time
Isometric demonstrating multi-factor authentication using a mobile device.
NCSC gets influencers to sing the praises of 2FA
The cast of Black Mirror season 7
Everything new on Netflix in April 2025 – including Black Mirror season 7 and Love on the Spectrum
Witchbrook
Witchbrook, the life-sim I've been waiting years for, finally has a release window and it's sooner than you think
Businessman holding a magnifier and searching for a hacker within a business team.
Cloud streaming hoster StreamElements confirms data breach following attack
Three angles of the Apple MacBook Air 15-inch M4 laptop above a desk
Apple MacBook Air 15-inch (M4) review roundup – should you buy Apple's new lightweight laptop?
Nintendo Virtual Game Card
Nintendo reveals the new Virtual Game Card feature, an easier way to manage your digital Switch games
Shigeru Miyamoto presents Nintendo Today app
Nintendo Today smartphone app is out now on iOS and Android devices – and here's what it does
A digital representation of blockchain.
Malicious npm packages use devious backdoors to target users