APT33 Exploits Old Outlook Flaw: Urgent Patching Recommended

US Cyber Command has issued a warning about an unnamed foreign country’s attempt to spread malware through the exploitation of a vulnerability in Microsoft Outlook.

The alert, posted on Twitter, refers to CVE-2017-11774, a vulnerability in Outlook that if exploited could allow an attacker to bypass security features and execute arbitrary commands on targeted Windows computers.

Microsoft issued a patch for the vulnerability in October 2017, but the security hole has since continued to be used by the Iranian-backed APT33 (also known as Elfin) hacking group.

The link for this article located at Hot for Security is no longer available.