I am continuing to investigate this issue. MS rank patch as Important and say exploitation unlikely, in spirit of cooperation - rate it higher in your orgs and deploy it, exploitation is going to be highly likely it appears.
-
Show this thread
-
I can independently confirm that CVE-2017-11882 (OLE Equation Editor) is real. I've tried it against Office 2007, 2010, 2013 and 2016 successfully across Windows 7, 10 and Windows Server 2016. 100% reliable code execution. Patch it.pic.twitter.com/9Wks0y2gBG
4 replies 141 retweets 211 likesShow this thread -
Replying to @GossiTheDog
Any system with system-wide mandatory ASLR enabled (and bottom-up ASLR if you're on Windows 8 or newer) would have already been protected against this exploit.
3 replies 1 retweet 3 likes -
Replying to @wdormann
that screenshot is Windows Server 2016, it doesn't stop it
1 reply 0 retweets 2 likes -
Replying to @GossiTheDog
I suspect you didn't have system-wide ASLR properly enabled.
2 replies 0 retweets 2 likes -
This Tweet is unavailable.
-
Replying to @4Dgifts @GossiTheDog
I suspect that most people don't have it properly enabled as well. People that care about blocking exploits should have already had mandatory ASLR enabled. Up until recently, though, people who thought they were enabling it on Win8+ probably weren't doing so properly.
1 reply 2 retweets 2 likes -
I can't figure out how to enable it on Windows Server 2016.
1 reply 0 retweets 0 likes -
Replying to @GossiTheDog @4Dgifts
You've read https://www.kb.cert.org/vuls/id/817544 ? Imported the registry file? If that didn't do it, let me know...
2 replies 0 retweets 0 likes -
Confirmed - this works well, stops exploit. However it broke some crap 90s app on my server, Delphi FTW :D
1 reply 0 retweets 2 likes
It's a good way to flush out crap that shouldn't be on your system in the first place! :)
-
This Tweet is unavailable.
-
-
Don't we all love Delphi (:
0 replies 0 retweets 0 likesThanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.