There’s a big difference between Microsoft’s statements about CVE-2017-11882 (Office exploit) vs the reporters. The reporters claim they have an exploit, Microsoft say no exploit. MS only say Important, reporters say no prompt RCE.
-
Show this thread
-
Kevin Beaumont Retweeted
I call on @_embedi_ to release the proof of concept so we can make a more informed assessment https://twitter.com/_embedi_/status/930498911676108801 …
Kevin Beaumont added,
This Tweet is unavailable.2 replies 8 retweets 33 likesShow this thread -
I am continuing to investigate this issue. MS rank patch as Important and say exploitation unlikely, in spirit of cooperation - rate it higher in your orgs and deploy it, exploitation is going to be highly likely it appears.
3 replies 3 retweets 16 likesShow this thread -
I can independently confirm that CVE-2017-11882 (OLE Equation Editor) is real. I've tried it against Office 2007, 2010, 2013 and 2016 successfully across Windows 7, 10 and Windows Server 2016. 100% reliable code execution. Patch it.pic.twitter.com/9Wks0y2gBG
4 replies 141 retweets 211 likesShow this thread -
Replying to @GossiTheDog
Any system with system-wide mandatory ASLR enabled (and bottom-up ASLR if you're on Windows 8 or newer) would have already been protected against this exploit.
3 replies 1 retweet 3 likes -
Replying to @wdormann @GossiTheDog
If I apply full EMET to the equation editor, does that help?
1 reply 0 retweets 0 likes
Sure, that's a more precise mitigation, and will block the exploit. It'll have less potential for collateral damage, but will also do nothing to protect against non-eqnedt32.exe exploits. Consider system-wide mandatory ASLR in the long run, in preparation for the next vul like it
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.