There’s a big difference between Microsoft’s statements about CVE-2017-11882 (Office exploit) vs the reporters. The reporters claim they have an exploit, Microsoft say no exploit. MS only say Important, reporters say no prompt RCE.
-
Show this thread
-
Kevin Beaumont Retweeted
I call on @_embedi_ to release the proof of concept so we can make a more informed assessment https://twitter.com/_embedi_/status/930498911676108801 …
Kevin Beaumont added,
This Tweet is unavailable.2 replies 8 retweets 33 likesShow this thread -
I am continuing to investigate this issue. MS rank patch as Important and say exploitation unlikely, in spirit of cooperation - rate it higher in your orgs and deploy it, exploitation is going to be highly likely it appears.
3 replies 3 retweets 16 likesShow this thread -
I can independently confirm that CVE-2017-11882 (OLE Equation Editor) is real. I've tried it against Office 2007, 2010, 2013 and 2016 successfully across Windows 7, 10 and Windows Server 2016. 100% reliable code execution. Patch it.pic.twitter.com/9Wks0y2gBG
4 replies 141 retweets 211 likesShow this thread -
Replying to @GossiTheDog
Any system with system-wide mandatory ASLR enabled (and bottom-up ASLR if you're on Windows 8 or newer) would have already been protected against this exploit.
3 replies 1 retweet 3 likes -
Replying to @wdormann
that screenshot is Windows Server 2016, it doesn't stop it
1 reply 0 retweets 2 likes -
Replying to @GossiTheDog
I suspect you didn't have system-wide ASLR properly enabled.
2 replies 0 retweets 2 likes -
This Tweet is unavailable.
I suspect that most people don't have it properly enabled as well. People that care about blocking exploits should have already had mandatory ASLR enabled. Up until recently, though, people who thought they were enabling it on Win8+ probably weren't doing so properly.
-
-
I can't figure out how to enable it on Windows Server 2016.
1 reply 0 retweets 0 likes -
Replying to @GossiTheDog @4Dgifts
You've read https://www.kb.cert.org/vuls/id/817544 ? Imported the registry file? If that didn't do it, let me know...
2 replies 0 retweets 0 likes - 3 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.