Microsoft Zero-Day Vulnerability – OLE2Link – Threat Intelligence and Signatures

NCC Group is currently aware of a zero-day vulnerability targeting Microsoft Office users that is being exploited in the wild by a number of threat actors, including organised criminal gangs.

NCC Group has identified various samples exploiting this issue from as far back as 2016.

NCC Group’s analysis is available at: https://github.com/nccgroup/Cyber-Defence/blob/master/Technical%20Notes/Office%20zero-day%20(April%202017)/2017-04%20Office%20OLE2Link%20zero-day%20v0.4.pdf

In the interim, the NCC Group Cyber Defence Operations team has released a Suricata IDS signature for the download element of the exploit – https://github.com/nccgroup/Cyber-Defence/blob/master/Signatures/suricata/april2017_ole2link_0day.txt

For more information, contact cirt@nccgroup.trust.

Written by Cyber Defence Operations Team
First published on 11/04/17