There’s a big difference between Microsoft’s statements about CVE-2017-11882 (Office exploit) vs the reporters. The reporters claim they have an exploit, Microsoft say no exploit. MS only say Important, reporters say no prompt RCE.
Kevin Beaumont Retweeted
I call on @_embedi_ to release the proof of concept so we can make a more informed assessment https://twitter.com/_embedi_/status/930498911676108801 …
I am continuing to investigate this issue. MS rank patch as Important and say exploitation unlikely, in spirit of cooperation - rate it higher in your orgs and deploy it, exploitation is going to be highly likely it appears.
I can independently confirm that CVE-2017-11882 (OLE Equation Editor) is real. I've tried it against Office 2007, 2010, 2013 and 2016 successfully across Windows 7, 10 and Windows Server 2016. 100% reliable code execution. Patch it. pic.twitter.com/9Wks0y2gBG
Replying to @GossiTheDog
Any system with system-wide mandatory ASLR enabled (and bottom-up ASLR if you're on Windows 8 or newer) would have already been protected against this exploit.
Replying to @wdormann
that screenshot is Windows Server 2016, it doesn't stop it
Replying to @GossiTheDog
I suspect you didn't have system-wide ASLR properly enabled.
Mandatory ASLR isn't enabled by default. Where does eqnedt32.exe load for you?
0x400000 - No Mandatory ASLR
0x010000 - Mandatory ASLR, but not bottom-up ASLR (on Win8 or later)
0xanythingelse - Mandatory ASLR functioning properly (and exploit blocked)
https://www.kb.cert.org/vuls/id/817544
Replying to @wdormann @GossiTheDog
I thought @msftsecurity already enabled it by default, because they told us that we shouldn't use #EMET anymore, since #WinX and Server2016.